eec59fe63b
Container rebuild or volume wipe caused workspaces to lose /configs/.auth_token. On re-registration the platform returned no auth_token (HasAnyLiveToken==true → no re-issue), leaving the workspace unable to authenticate any subsequent API call. Fix: provisionWorkspaceOpts now calls issueAndInjectToken before Start(). This revokes any existing live tokens (plaintext is irrecoverable from the stored hash, so rotation is the only safe path) and issues a fresh token that is written into cfg.ConfigFiles[".auth_token"]. WriteFilesToContainer delivers it to /configs immediately after ContainerStart, racing safely ahead of the Python adapter's 1-2s startup time. Failure modes are soft: revoke or issue errors skip injection with a warning; provisioning continues and the workspace recovers on the next restart. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| cmd/server | ||
| internal | ||
| migrations | ||
| Dockerfile | ||
| Dockerfile.tenant | ||
| entrypoint-tenant.sh | ||
| go.mod | ||
| go.sum | ||