Cockpit mode — Slice A: interactive cockpit (drive /grill→/to-issues from inside)

[lsfera]

Vertical slice A of cockpit mode (drive the workflow from inside the outer image instead of the host). Full design + rationale: .scratch/cockpit-mode/prd.md (and the grill output .scratch/cockpit-mode/grill-output.md).

Goal (end-to-end value)

A human can run docker compose exec -it devcontainer claude and drive /grill-me-with-docs → /to-prd → /to-issues entirely from inside the devcontainer, with only the published image, the compose file, and exported credentials — no host Claude, no docker MCP wiring, no host slash commands.

Acceptance criteria

• Marker: AGENTIC_IN_CONTAINER is set in the image so any in-container process can detect cockpit context.
• Context-aware /exec (one corpus): inside the container /exec runs the command in the local shell; on the host it routes to mcp__docker__run_command as today. The slash commands (incl. /tdd) are not forked per mode and work unchanged in both. The shim is thin (no precedence/resolution logic).
• Credential passthrough (single source): the compose file forwards GH_TOKEN/GITHUB_TOKEN and a Claude credential (ANTHROPIC_API_KEY or CLAUDE_CODE_OAUTH_TOKEN) from host env into the container. No token values are committed; reference host env vars only.
• TS credential resolver (the real logic — see Testing): a pure function in the TypeScript orchestrator resolves credentials from the process env + parsed orchestrator.env, with env taking precedence over orchestrator.env, and the resolved set is forwarded to sandcastle's inner sandboxes. Cockpit Claude and the orchestrator resolve from the same source.
• Permissions: a global ~/.claude/settings.json is baked into the image and installed by claude-persist-setup (alongside the baked commands/skills), pre-allowing the cockpit workflow (local shell, gh, git, afk/hitl). A workspace .claude/settings.local.json still overrides.
• Entry point: canonical docker compose exec -it devcontainer claude works with only the compose file and lands in the workspace working_dir; a baked in-image cockpit shim launches claude in the right dir. No new host script.
• Regression: host-driven mode (/exec → MCP) and orchestrator.env still work unchanged.
• Docs/ADR: this repo's CLAUDE.md documents both modes (host-driven vs cockpit); a new ADR ("Cockpit mode — drive from inside the outer image") records the decision and relates it to ADR-0006/0011/0016/0017.

Testing (highest, single seam — logic in TypeScript)

Unit-test the pure orchestrator resolver in the reduce.test.ts / sandbox-runner.test.ts style:

• env-only creds resolve; orchestrator.env-only resolve; both present → env wins; missing creds yield a clear, asserted result.
• the AGENTIC_IN_CONTAINER marker check is exercised through this same resolver, not a new bash dry-run script.
  Keep the .md commands, the cockpit shim, and /exec logic-free so they need no tests.

Unchanged (do not touch)

Path-match mount (ADR-0011) and per-issue inner-sandbox isolation — the orchestrator still runs inside the devcontainer exactly as today (ADR-0006); cockpit only relocates the driver from host to inside.

Constraints (per repo workflow)

Implement with /tdd per criterion, run shell via /exec, stay scoped to this slice's files, no pushing to main, no new dependencies.

[lsfera]

AFK agent produced no commits — leaving this issue unlabelled for a human to inspect and re-label ready-for-agent if appropriate.

[lsfera]

AFK agent produced no commits — leaving this issue unlabelled for a human to inspect and re-label ready-for-agent if appropriate.

[lsfera]

AFK agent produced no commits — leaving this issue unlabelled for a human to inspect and re-label ready-for-agent if appropriate.