fix: move workspace to /home/agent/sessions, fix node_modules permissions, improve agent code error handling

- Change DEFAULT_WORKSPACE_BASE from /tmp/sessions to /home/agent/sessions to avoid noexec mount issues
- Add chmod +x on node_modules/.bin/ after npm install to fix vitest Permission denied
- Bail with clear error when agent.py/main.py not found instead of silent fallback
- Fix submit_tasks auth: return 503 when whitelist not ready instead of bypassing auth

Author: echobt

Dockerfile

@@ -54,7 +54,7 @@ RUN useradd -m -s /bin/bash agent \
     && chown -R agent:agent /home/agent
 
 COPY --from=builder /build/target/release/term-executor /usr/local/bin/
-RUN mkdir -p /tmp/sessions && chown agent:agent /tmp/sessions
+RUN mkdir -p /home/agent/sessions && chown agent:agent /home/agent/sessions
 
 USER agent
 ENV HOME=/home/agent

src/config.rs

@@ -7,7 +7,7 @@ const DEFAULT_CLONE_TIMEOUT: u64 = 600;
 const DEFAULT_AGENT_TIMEOUT: u64 = 600;
 const DEFAULT_TEST_TIMEOUT: u64 = 300;
 const DEFAULT_MAX_ARCHIVE_BYTES: usize = 500 * 1024 * 1024;
-const DEFAULT_WORKSPACE_BASE: &str = "/tmp/sessions";
+const DEFAULT_WORKSPACE_BASE: &str = "/home/agent/sessions";
 const DEFAULT_MAX_PENDING_CONSENSUS: usize = 100;
 const DEFAULT_BITTENSOR_NETUID: u16 = 100;
 const DEFAULT_MIN_VALIDATOR_STAKE_TAO: f64 = 10_000.0;

src/executor.rs

@@ -546,6 +546,19 @@ async fn run_task_pipeline(
         }
     }
 
+    // Ensure node_modules/.bin binaries are executable (fixes "Permission denied" with vitest etc.)
+    let node_bin_dir = repo_dir.join("node_modules/.bin");
+    if node_bin_dir.exists() {
+        debug!("[{}] Fixing node_modules/.bin permissions", task.id);
+        let _ = run_shell(
+            "chmod -R +x node_modules/.bin/ 2>/dev/null || true",
+            &repo_dir,
+            Duration::from_secs(30),
+            None,
+        )
+        .await;
+    }
+
     if *cancel_rx.borrow() {
         anyhow::bail!("Cancelled");
     }
@@ -1094,13 +1107,29 @@ async fn run_agent(
             }
         }
 
+        // Log extracted agent directory structure for debugging
+        debug!(
+            "Agent directory resolved to: {}",
+            agent_dir.display()
+        );
+        if let Ok(mut entries) = tokio::fs::read_dir(&agent_dir).await {
+            let mut files = Vec::new();
+            while let Ok(Some(entry)) = entries.next_entry().await {
+                files.push(entry.file_name().to_string_lossy().to_string());
+            }
+            debug!("Agent directory contents: {:?}", files);
+        }
+
         // Determine entry point (use absolute path so we can run from repo_dir)
         let entry_file = if agent_dir.join("agent.py").exists() {
             agent_dir.join("agent.py")
         } else if agent_dir.join("main.py").exists() {
             agent_dir.join("main.py")
         } else {
-            agent_dir.join("agent.py")
+            anyhow::bail!(
+                "Agent code not found: neither agent.py nor main.py exists in {}",
+                agent_dir.display()
+            );
         };
 
         let mut argv = vec![

src/handlers.rs

@@ -1066,20 +1066,28 @@ async fn submit_tasks(
         )
     })?;
 
-    if state.validator_whitelist.validator_count() > 0 {
-        if let Err(e) = auth::verify_request(
-            &auth_headers,
-            &state.nonce_store,
-            &state.validator_whitelist,
-        ) {
-            return Err((
-                StatusCode::UNAUTHORIZED,
-                Json(serde_json::json!({
-                    "error": e.code(),
-                    "message": e.message(),
-                })),
-            ));
-        }
+    if state.validator_whitelist.validator_count() == 0 {
+        return Err((
+            StatusCode::SERVICE_UNAVAILABLE,
+            Json(serde_json::json!({
+                "error": "whitelist_not_ready",
+                "message": "Validator whitelist not yet initialized. Please retry shortly."
+            })),
+        ));
+    }
+
+    if let Err(e) = auth::verify_request(
+        &auth_headers,
+        &state.nonce_store,
+        &state.validator_whitelist,
+    ) {
+        return Err((
+            StatusCode::UNAUTHORIZED,
+            Json(serde_json::json!({
+                "error": e.code(),
+                "message": e.message(),
+            })),
+        ));
     }
 
     // Parse multipart: expect "task_ids" (JSON) and "archive" (file)