Fix Railway volume permissions for claim-capable runtime#60
Conversation
Co-authored-by: Codex <codex@openai.com>
|
Warning Review limit reached
Next review available in: 17 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (9)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 7b2934a6ac
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Summary\n- keep the Railway template image claim-capable with zero-engine==0.1.6\n- allow the container wrapper to prepare Railway's mounted /data volume as root, then drop to the zero user before launching the paper API\n- extend the Railway template packet/readiness gates so this volume-permission behavior is checked\n\n## Why\nPR #59 correctly moved the public template to zero-engine==0.1.6, but the production Railway deploy failed because Railway mounted /data as root-owned after image build. The non-root container could not create /data/.zero, so healthcheck never passed.\n\nFailure evidence from deployment a6dfc50c-0d10-453d-ae5f-54ed67189cac:\n\n
text\nmkdir: cannot create directory '/data/.zero': Permission denied\nHealthcheck failed\n\n\n## Validation\n- scripts/railway_template_packet.py --output contracts/distribution/railway-template.json\n- scripts/railway_template_packet.py --check\n- python3 scripts/generate_llms_full.py\n- bash -n scripts/railway_start.sh scripts/railway_smoke.sh scripts/hardening_gate.sh scripts/public_readiness_gate.sh\n- scripts/public_readiness_gate.sh\n- scripts/hardening_gate.sh\n- git diff --check\n- local start-script smoke with zero-engine==0.1.6 verified /deployment/claim exposes engine-v0.1.6 and foundation_bootstrap_status\n\nDocker daemon is unavailable locally, but GitHub/Railway build evidence from PR #59 already proves the image builds and installs zero-engine==0.1.6; this PR fixes the runtime mount permission failure seen on Railway.\n\nAI-assisted change: yes\n\nCo-authored-by: Codex codex@openai.com