fix: run Happy daemon as app user, not root

When init-repo.sh starts the happy daemon as root, HOME=/root so Happy and Claude Code can't find credentials stored in /home/user. The mobile app works when the user manually runs happy from a VSCode terminal (as the user user) because the right home dir is in scope. Use sudo -u with -E (preserve environment) so the daemon runs as the correct user while still inheriting the pod's env vars (HAPPY_SERVER_URL, HAPPY_WEBAPP_URL, ANTHROPIC_API_KEY, etc.). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-20 09:59:59 -05:00
3 changed files with 10 additions and 28 deletions
@@ -59,18 +59,9 @@ These MUST be configured before deployment:
 - **Format:** `ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`
 - **Scopes:** `repo`

-### Anthropic API Key
- **Variable:** `ANTHROPIC_API_KEY`
- **File:** Kubernetes Secret (referenced by `envSecretName`)
- **Type:** String (Anthropic API key)
- **Description:** API key for Claude Code / Happy Coder authentication. Browser-based OAuth login does not work inside the VNC session, so this key is **required** for Happy Coder to function.
- **Required:** Yes (for Happy Coder / Claude Code)
- **Format:** `sk-ant-api03-...`
- **How to get:** https://console.anthropic.com/settings/keys
-
 ### VNC Password
 - **Variable:** `vnc-password`
- **File:** Kubernetes Secret (referenced by `envSecretName`)
+- **File:** Sealed Secret
 - **Type:** String
 - **Description:** Password for VNC web interface
 - **Required:** Recommended for security
@@ -295,9 +286,8 @@ hostnames:
 ### With Secrets
 ```bash
 kubectl create secret generic antigravity-secrets \
-  --from-literal=GITHUB_TOKEN='CHANGE_ME' \
-  --from-literal=VNC_PASSWORD='CHANGE_ME' \
-  --from-literal=ANTHROPIC_API_KEY='sk-ant-api03-...' \
+  --from-literal=github-token='CHANGE_ME' \
+  --from-literal=vnc-password='CHANGE_ME' \
  --dry-run=client -o yaml | \
  kubeseal --format=yaml > k8s/sealedsecrets.yaml
 ```
@@ -38,9 +38,6 @@ resources:
    memory: "8Gi"
    cpu: "4000m"

-# Name of existing Secret containing env vars. Defaults to: devcontainer-{name}-secrets-env
-# Recognized keys:
-#   GITHUB_TOKEN      — PAT for private repo access
-#   VNC_PASSWORD      — password for the VNC web UI
-#   ANTHROPIC_API_KEY — required for Claude Code / Happy Coder auth (browser login won't work in VNC)
+# Name of existing Secret containing env vars (GITHUB_TOKEN, VNC_PASSWORD, etc.)
+# Defaults to: devcontainer-{name}-secrets-env
 envSecretName: ""
@@ -59,18 +59,13 @@ chown -R "$RUN_UID:$RUN_GID" "$WORKSPACE_DIR"
 mkdir -p "$HOME"
 chown "$RUN_UID:$RUN_GID" "$HOME"

-# Warn if ANTHROPIC_API_KEY is not set — browser-based Claude login won't work in VNC
-if [ -z "$ANTHROPIC_API_KEY" ]; then
-    echo "WARNING: ANTHROPIC_API_KEY is not set."
-    echo "  Claude Code cannot authenticate via browser inside this container."
-    echo "  Add ANTHROPIC_API_KEY to your Kubernetes secret to enable Happy Coder."
-fi
-
-# Start Happy Coder daemon
+# Start Happy Coder daemon as the app user so it can access user credentials
+# (running as root means HOME=/root, Claude Code and Happy config would be missing)
 echo "Starting Happy Coder..."
-cd "$WORKSPACE_DIR"

-happy daemon start || echo "Happy Coder daemon failed to start, continuing anyway..."
+RUN_USER=$(id -nu "$RUN_UID" 2>/dev/null || echo "user")
+sudo -u "$RUN_USER" -E sh -c "cd '$WORKSPACE_DIR' && happy daemon start" \
+    || echo "Happy Coder daemon failed to start, continuing anyway..."

 echo "Happy Coder daemon started"