From a8b5571aea23bfb596ad07d50976f9097de5e1ef Mon Sep 17 00:00:00 2001
From: hailin <hailin.zhao@gdzx.xyz>
Date: Sun, 8 Mar 2026 14:32:50 -0700
Subject: [PATCH] fix(deploy): pre-create workspace dir with correct ownership
 for OpenClaw containers

OpenClaw runs as node user (uid 1000) but the host directory was created as root,
causing EACCES when the container tried to create /home/node/.openclaw/workspace.

Now mkdir workspace/ and chown -R 1000:1000 before starting the container.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../infrastructure/services/agent-instance-deploy.service.ts   | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/packages/services/agent-service/src/infrastructure/services/agent-instance-deploy.service.ts b/packages/services/agent-service/src/infrastructure/services/agent-instance-deploy.service.ts
index 705ce3d..f0b5320 100644
--- a/packages/services/agent-service/src/infrastructure/services/agent-instance-deploy.service.ts
+++ b/packages/services/agent-service/src/infrastructure/services/agent-instance-deploy.service.ts
@@ -212,6 +212,9 @@ export class AgentInstanceDeployService {
     });
     await this.sshExec(sshCreds, `mkdir -p /data/openclaw/${instance.id}/agents/main/agent && printf '%s' '${authProfiles.replace(/'/g, "'\\''")}' > /data/openclaw/${instance.id}/agents/main/agent/auth-profiles.json`);
 
+    // Pre-create workspace dir and fix ownership so the container (running as node uid=1000) can write
+    await this.sshExec(sshCreds, `mkdir -p /data/openclaw/${instance.id}/workspace && chown -R 1000:1000 /data/openclaw/${instance.id}`);
+
     const cmd = [
       'docker run -d',
       `--name ${instance.containerName}`,