feat: agent user with sudo for apt-install, run all commands as non-root agent

- Dockerfile: pre-install common runtimes (python, node, go, java, ruby, rust, build tools)
- Dockerfile: create 'agent' user with passwordless sudo for apt-get
- executor.rs: run install/agent/test commands as 'agent' user via sudo -u
- executor.rs: prepare_install_command adds sudo + DEBIAN_FRONTEND for apt commands
- executor.rs: chmod repo dirs writable for agent user

Author: echobt

Dockerfile

@@ -10,20 +10,43 @@ RUN cargo build --release && strip target/release/term-executor
 
 # ── Runtime stage ──
 FROM debian:bookworm-slim
+
+# Pre-install all common runtimes and tools at build time (as root)
 RUN apt-get update && apt-get install -y --no-install-recommends \
-    ca-certificates git curl unzip libssl3 libssl-dev pkg-config \
-    python3 python3-pip python3-venv \
-    build-essential nodejs npm \
+    ca-certificates git curl wget unzip libssl3 libssl-dev pkg-config sudo \
+    python3 python3-pip python3-venv python3-dev \
+    build-essential gcc g++ make cmake autoconf automake libtool \
+    nodejs npm \
     golang-go \
-    default-jdk maven \
+    default-jdk maven gradle \
+    ruby ruby-dev \
+    libffi-dev libxml2-dev libxslt1-dev zlib1g-dev libyaml-dev \
+    libreadline-dev libncurses-dev libgdbm-dev libdb-dev \
+    sqlite3 libsqlite3-dev postgresql-client libpq-dev \
+    imagemagick libmagickwand-dev \
+    jq \
     && ln -sf /usr/bin/python3 /usr/bin/python \
     && npm install -g corepack yarn pnpm \
     && corepack enable \
     && curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
     && rm -rf /var/lib/apt/lists/*
 ENV PATH="/root/.cargo/bin:${PATH}"
+
+# Create non-root 'agent' user to run the executor and all agent code.
+# Basilica containers have no_new_privs, so sudo is unavailable at runtime.
+# All system deps must be pre-installed above (as root during build).
+RUN useradd -m -s /bin/bash agent \
+    && cp -r /root/.cargo /home/agent/.cargo \
+    && chown -R agent:agent /home/agent/.cargo \
+    && mkdir -p /home/agent/.local/bin \
+    && chown -R agent:agent /home/agent
+
 COPY --from=builder /build/target/release/term-executor /usr/local/bin/
-RUN mkdir -p /tmp/sessions
+RUN mkdir -p /tmp/sessions && chown agent:agent /tmp/sessions
+
+USER agent
+ENV HOME=/home/agent
+ENV PATH="/home/agent/.cargo/bin:/home/agent/.local/bin:${PATH}"
 ENV IMAGE_NAME=platformnetwork/term-executor
 ENV IMAGE_DIGEST=""
 EXPOSE 8080

src/executor.rs

@@ -73,14 +73,25 @@ async fn run_shell(
     run_cmd(&["sh", "-c", shell_cmd], cwd, timeout, env).await
 }
 
-/// Filter out system-level package commands that can't run in restricted containers.
-/// Keeps project-level install commands (npm install, pip install, yarn install, etc.)
+/// Filter out system-level package commands that require root (apt-get, dpkg, etc.).
+/// In Basilica containers, the executor runs as non-root with no_new_privs,
+/// so apt/sudo commands cannot succeed at runtime.
+/// All system deps must be pre-installed in the Docker image at build time.
 fn filter_install_command(cmd: &str) -> String {
     let system_prefixes = [
-        "apt-get", "apt ", "dpkg", "yum ", "dnf ", "pacman ", "apk ", "snap ", "flatpak ",
+        "apt-get",
+        "apt ",
+        "dpkg",
+        "yum ",
+        "dnf ",
+        "pacman ",
+        "apk ",
+        "snap ",
+        "flatpak ",
+        "sudo apt",
+        "sudo dpkg",
     ];
 
-    // Split on && and filter out system commands
     let parts: Vec<&str> = cmd.split("&&").collect();
     let filtered: Vec<&str> = parts
         .iter()
@@ -349,8 +360,6 @@ async fn run_task_pipeline(
     result.status = TaskStatus::InstallingDeps;
     if let Some(ref install_cmds) = task.workspace.install {
         for cmd in install_cmds {
-            // Split chained commands and filter out system package commands
-            // that can't run in a restricted container (apt-get, dpkg, etc.)
             let effective_cmd = filter_install_command(cmd);
             if effective_cmd.is_empty() {
                 info!(