Apply fixes for permissions and proxy

Author: nezhar

docs/configuration.md

@@ -22,6 +22,10 @@ default_agent: claude
 # See docs/podman.md for setup instructions
 container_runtime: auto
 
+# Container user namespace mode passed to new containers (default: null)
+# For Podman, "keep-id" preserves host UID/GID on compatible images
+container_userns_mode: null
+
 # Pull the latest image before every run (default: true)
 # Can be overridden per agent with agents.<agent>.auto_pull
 auto_pull: true
@@ -110,6 +114,7 @@ These variables override the corresponding config keys without editing any file:
 | Variable | Config key | Example |
 |---|---|---|
 | `VP_CONTAINER_RUNTIME` | `container_runtime` | `VP_CONTAINER_RUNTIME=podman` |
+| `VP_CONTAINER_USERNS_MODE` | `container_userns_mode` | `VP_CONTAINER_USERNS_MODE=keep-id` |
 | `VP_DEFAULT_AGENT` | `default_agent` | `VP_DEFAULT_AGENT=gemini` |
 | `VP_AUTO_PULL` | `auto_pull` | `VP_AUTO_PULL=true` |
 | `VP_LOG_LEVEL` | `log_level` | `VP_LOG_LEVEL=debug` |
@@ -189,7 +194,7 @@ Commit this file to share project defaults with your team.
 
 VibePod starts a `vibepod-proxy` container alongside every agent. It acts as an HTTP(S) MITM proxy and logs all outbound requests to a SQLite database viewable in the Datasette UI (`vp logs start`).
 
-The proxy is reachable inside the Docker network as `http://vibepod-proxy:8080`. It is not published on a host port.
+VibePod injects the proxy endpoint into agent containers automatically over the internal runtime network. It is not published on a host port.
 
 To disable the proxy globally:
 

docs/podman.md

@@ -66,6 +66,8 @@ VibePod uses the standard [Docker SDK for Python](https://docker-py.readthedocs.
 
 The rootless Podman socket is discovered via `$XDG_RUNTIME_DIR/podman/podman.sock` (falling back to `/run/user/<uid>/podman/podman.sock`). The rootful socket at `/run/podman/podman.sock` is only used when running as root.
 
+VibePod allows up to 10 seconds for runtime detection probes. If your Podman socket is slower on a particular host, set `VP_RUNTIME_PROBE_TIMEOUT` to a larger value in seconds before running `vp`.
+
 ## Known limitations
 
 ### Interactive attach
@@ -77,6 +79,26 @@ vp run claude -d
 podman attach vibepod-claude-<id>
 ```
 
+### User namespace mapping
+
+If you want Podman to preserve your host UID/GID for compatible containers, set a user namespace mode such as `keep-id`:
+
+```bash
+vp run claude --runtime podman --userns keep-id
+```
+
+You can also set it globally:
+
+```bash
+export VP_CONTAINER_USERNS_MODE=keep-id
+```
+
+```yaml
+container_userns_mode: keep-id
+```
+
+This works best for images that run as your host UID. Images that switch to a different in-container user may still produce remapped ownership on bind mounts.
+
 ### Volume permissions
 
 Rootless Podman uses user-namespace remapping: your host UID is mapped to root inside the container, while other UIDs are mapped to subordinate ranges. Container images that drop privileges via `su` or `gosu` may encounter permission errors on bind-mounted files.

src/vibepod/cli.py

@@ -34,9 +34,14 @@ def _alias(bound_agent: str = agent_name) -> None:
 
 
 @app.command("ui", hidden=True)
-def alias_ui() -> None:
+def alias_ui(
+    port: int | None = None,
+    no_open: bool = False,
+    runtime: str | None = None,
+    userns: str | None = None,
+) -> None:
     """Alias for `vp logs start`."""
-    logs.logs_start()
+    logs.logs_start(port=port, no_open=no_open, runtime=runtime, userns=userns)
 
 
 for shortcut, agent in AGENT_SHORTCUTS.items():

src/vibepod/commands/logs.py

@@ -9,7 +9,7 @@
 import typer
 
 from vibepod.constants import EXIT_DOCKER_NOT_RUNNING
-from vibepod.core.config import get_config
+from vibepod.core.config import get_config, get_container_userns_mode
 from vibepod.core.docker import DockerClientError, get_manager
 from vibepod.utils.console import error, info, success, warning
 
@@ -24,9 +24,14 @@ def logs_start(
         str | None,
         typer.Option("--runtime", help="Container runtime to use (docker or podman)"),
     ] = None,
+    userns: Annotated[
+        str | None,
+        typer.Option("--userns", help="Container user namespace mode (for example keep-id)"),
+    ] = None,
 ) -> None:
     """Start or reuse Datasette for session and proxy logs."""
     config = get_config()
+    container_userns_mode = get_container_userns_mode(config, override=userns)
     log_cfg = config.get("logging", {})
     proxy_cfg = config.get("proxy", {})
 
@@ -49,6 +54,7 @@ def logs_start(
         logs_db_path=logs_db_path,
         proxy_db_path=proxy_db_path,
         port=datasette_port,
+        userns_mode=container_userns_mode,
     )
     success("Datasette is ready")
 
@@ -111,6 +117,10 @@ def logs_ui(
         str | None,
         typer.Option("--runtime", help="Container runtime to use (docker or podman)"),
     ] = None,
+    userns: Annotated[
+        str | None,
+        typer.Option("--userns", help="Container user namespace mode (for example keep-id)"),
+    ] = None,
 ) -> None:
     """Alias for `vp logs start`."""
-    logs_start(port=port, no_open=no_open, runtime=runtime)
+    logs_start(port=port, no_open=no_open, runtime=runtime, userns=userns)

src/vibepod/commands/proxy.py

@@ -8,7 +8,7 @@
 import typer
 
 from vibepod.constants import EXIT_DOCKER_NOT_RUNNING
-from vibepod.core.config import get_config
+from vibepod.core.config import get_config, get_container_userns_mode
 from vibepod.core.docker import DockerClientError, get_manager
 from vibepod.utils.console import error, info, success, warning
 
@@ -21,9 +21,14 @@ def proxy_start(
         str | None,
         typer.Option("--runtime", help="Container runtime to use (docker or podman)"),
     ] = None,
+    userns: Annotated[
+        str | None,
+        typer.Option("--userns", help="Container user namespace mode (for example keep-id)"),
+    ] = None,
 ) -> None:
     """Start the proxy container."""
     config = get_config()
+    container_userns_mode = get_container_userns_mode(config, override=userns)
     proxy_cfg = config.get("proxy", {})
 
     proxy_image = str(proxy_cfg.get("image", "vibepod/proxy:latest"))
@@ -53,6 +58,7 @@ def proxy_start(
         db_path=db_path,
         ca_dir=ca_dir,
         network=network_name,
+        userns_mode=container_userns_mode,
     )
     success("Proxy is running")
 

src/vibepod/commands/run.py

@@ -22,7 +22,7 @@
     get_agent_spec,
     resolve_agent_name,
 )
-from vibepod.core.config import get_config
+from vibepod.core.config import get_config, get_container_userns_mode
 from vibepod.core.docker import DockerClientError, DockerManager, get_manager
 from vibepod.core.session_logger import SessionLogger
 from vibepod.utils.console import error, info, success, warning
@@ -218,9 +218,14 @@ def run(
         str | None,
         typer.Option("--runtime", help="Container runtime to use (docker or podman)"),
     ] = None,
+    userns: Annotated[
+        str | None,
+        typer.Option("--userns", help="Container user namespace mode (for example keep-id)"),
+    ] = None,
 ) -> None:
     """Start an agent container."""
     config = get_config()
+    container_userns_mode = get_container_userns_mode(config, override=userns)
     selected_agent_input = agent or str(config.get("default_agent", "claude"))
     selected_agent = resolve_agent_name(selected_agent_input)
     if selected_agent is None:
@@ -320,11 +325,12 @@ def run(
             .resolve()
         )
 
-        manager.ensure_proxy(
+        proxy_container = manager.ensure_proxy(
             image=proxy_image,
             db_path=proxy_db_path,
             ca_dir=proxy_ca_dir or proxy_db_path.parent / "mitmproxy",
             network=network_name,
+            userns_mode=container_userns_mode,
         )
 
         if proxy_ca_path:
@@ -338,7 +344,8 @@ def run(
             if not ca_ready:
                 warning(f"Proxy CA not found yet at {proxy_ca_path}")
 
-        proxy_url = "http://vibepod-proxy:8080"
+        proxy_host = _get_container_ip(proxy_container, network_name) or "vibepod-proxy"
+        proxy_url = f"http://{proxy_host}:8080"
         merged_env.setdefault("HTTP_PROXY", proxy_url)
         merged_env.setdefault("HTTPS_PROXY", proxy_url)
         merged_env.setdefault("NO_PROXY", "localhost,127.0.0.1,::1")
@@ -368,6 +375,7 @@ def run(
         extra_volumes=extra_volumes,
         platform=spec.platform,
         user=container_user,
+        userns_mode=container_userns_mode,
         entrypoint=entrypoint,
     )
 

src/vibepod/core/config.py

@@ -32,6 +32,7 @@ def _default_config() -> dict[str, Any]:
         "default_agent": "claude",
         "auto_pull": True,
         "container_runtime": RUNTIME_AUTO,
+        "container_userns_mode": None,
         "auto_remove": True,
         "network": "vibepod-network",
         "log_level": "info",
@@ -144,6 +145,7 @@ def _apply_env(config: dict[str, Any]) -> dict[str, Any]:
     mappings: dict[str, tuple[str, Any]] = {
         "VP_DEFAULT_AGENT": ("default_agent", str),
         "VP_CONTAINER_RUNTIME": ("container_runtime", str),
+        "VP_CONTAINER_USERNS_MODE": ("container_userns_mode", lambda x: x.strip() or None),
         "VP_AUTO_PULL": ("auto_pull", lambda x: x.lower() == "true"),
         "VP_LOG_LEVEL": ("log_level", str),
         "VP_NO_COLOR": ("no_color", lambda x: x.lower() == "true"),
@@ -189,6 +191,18 @@ def get_config() -> dict[str, Any]:
     return config
 
 
+def get_container_userns_mode(
+    config: dict[str, Any],
+    override: str | None = None,
+) -> str | None:
+    """Return the configured container user namespace mode, if any."""
+    raw: Any = override if override is not None else config.get("container_userns_mode")
+    if raw is None:
+        return None
+    value = str(raw).strip()
+    return value or None
+
+
 def get_config_value(key: str, default: Any = None) -> Any:
     """Read a config value by dot notation."""
     value: Any = get_config()

src/vibepod/core/docker.py

@@ -97,8 +97,9 @@ def _prepare_volume_dir(self, path: Path) -> None:
         a non-root process started via ``su`` / ``gosu`` in the entrypoint
         gets a subordinate UID that cannot read host files with standard
         permissions.  Making VibePod-managed directories world-accessible
-        (``0o777``) avoids "Permission denied" errors without needing
-        ``userns_mode=keep-id`` (which breaks entrypoints that call ``su``).
+        (``0o777``) avoids "Permission denied" errors in the default Podman
+        setup. Users can opt into ``userns_mode=keep-id`` for compatible
+        images, but entrypoints that switch users may still need this fallback.
 
         This is only applied to directories VibePod itself creates — never
         to the user's workspace.
@@ -194,6 +195,7 @@ def run_agent(
         extra_volumes: list[tuple[str, str, str]] | None = None,
         platform: str | None = None,
         user: str | None = None,
+        userns_mode: str | None = None,
         entrypoint: list[str] | None = None,
     ) -> Any:
         container_name = name or f"vibepod-{agent}-{uuid4().hex[:8]}"
@@ -241,6 +243,8 @@ def run_agent(
                 run_kwargs["entrypoint"] = entrypoint
             if user:
                 run_kwargs["user"] = user
+            if userns_mode:
+                run_kwargs["userns_mode"] = userns_mode
 
             return self._run_container(**run_kwargs)
         except APIError as exc:
@@ -273,7 +277,12 @@ def find_datasette(self) -> Any | None:
         return containers[0] if containers else None
 
     def ensure_datasette(
-        self, image: str, logs_db_path: Path, proxy_db_path: Path, port: int
+        self,
+        image: str,
+        logs_db_path: Path,
+        proxy_db_path: Path,
+        port: int,
+        userns_mode: str | None = None,
     ) -> Any:
         existing = self.find_datasette()
         if existing:
@@ -319,6 +328,8 @@ def ensure_datasette(
             "volumes": volumes,
             "ports": {"8001/tcp": port},
         }
+        if userns_mode:
+            run_kwargs["userns_mode"] = userns_mode
 
         return self._run_container(**run_kwargs)
 
@@ -328,10 +339,22 @@ def find_proxy(self) -> Any | None:
         )
         return containers[0] if containers else None
 
-    def ensure_proxy(self, image: str, db_path: Path, ca_dir: Path, network: str) -> Any:
+    def ensure_proxy(
+        self,
+        image: str,
+        db_path: Path,
+        ca_dir: Path,
+        network: str,
+        userns_mode: str | None = None,
+    ) -> Any:
         existing = self.find_proxy()
         if existing:
+            existing.reload()
             if existing.status == "running":
+                attached = existing.attrs.get("NetworkSettings", {}).get("Networks", {}) or {}
+                if network not in attached:
+                    self.connect_network(existing, network)
+                    existing.reload()
                 return existing
             existing.remove(force=True)
 
@@ -364,8 +387,15 @@ def ensure_proxy(self, image: str, db_path: Path, ca_dir: Path, network: str) ->
             getgid = getattr(os, "getgid", None)
             if callable(getuid) and callable(getgid):
                 run_kwargs["user"] = f"{getuid()}:{getgid()}"
+        if userns_mode:
+            run_kwargs["userns_mode"] = userns_mode
 
-        return self._run_container(**run_kwargs)
+        container = self._run_container(**run_kwargs)
+        try:
+            container.reload()
+        except Exception:
+            pass
+        return container
 
     def attach_interactive(self, container: Any, logger: Any = None) -> None:
         """Attach local stdin/stdout to a running container TTY."""