From 023a6dfcd58c4e9f76f11ac1016dd5b96f3dc471 Mon Sep 17 00:00:00 2001
From: Jesus Munoz
Date: Mon, 27 Apr 2026 14:14:43 +0200
Subject: [PATCH 1/2] fix: use python user in skills-init container

Signed-off-by: Jesus Munoz
---
 docker/skills-init/Dockerfile | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/docker/skills-init/Dockerfile b/docker/skills-init/Dockerfile
index a142dfb4c..52901089f 100644
--- a/docker/skills-init/Dockerfile
+++ b/docker/skills-init/Dockerfile
@@ -16,3 +16,10 @@ FROM alpine:3.23
 RUN apk upgrade --no-cache && apk add --no-cache git
 COPY --from=krane-builder /build/krane /usr/local/bin/krane
+
+# Run as the same UID/GID as the main agent container (python user) so that
+# files written to the shared /skills volume are readable by the main container.
+RUN addgroup -g 1001 pythongroup && \
+ adduser -u 1001 -G pythongroup -s /bin/sh -D python
+
+USER 1001:1001
From 6f07da2421a31257e180902174b839df08a45a7c Mon Sep 17 00:00:00 2001
From: Jesus Munoz
Date: Mon, 27 Apr 2026 14:23:13 +0200
Subject: [PATCH 2/2] Update docker/skills-init/Dockerfile

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Jesus Munoz
---
 docker/skills-init/Dockerfile | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/docker/skills-init/Dockerfile b/docker/skills-init/Dockerfile
index 52901089f..e884f34cf 100644
--- a/docker/skills-init/Dockerfile
+++ b/docker/skills-init/Dockerfile
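Review bot: The `adduser` line in the first patch's hunk gives the new account an interactive shell (`-s /bin/sh`), which an init container that only runs krane and git is unlikely to need. Creating the account with `-s /sbin/nologin` keeps the UID/GID match for the shared /skills volume and leaves no login shell on it; `USER 1001:1001` does not go through the account's shell, so the container still starts the same way. The second patch carries the same flag over unchanged in its rewritten `adduser` line, so the change applies there too. It would also help to say in the comment whether the main container only reads /skills or also writes to it, since the comment justifies the UID match by readability alone.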
@@ -14,12 +14,17 @@ RUN CGO_ENABLED=0 go build -trimpath -ldflags="-s -w" -o /build/krane .
 FROM alpine:3.23
+ARG PYTHON_UID=1001
+ARG PYTHON_GID=1001
+
 RUN apk upgrade --no-cache && apk add --no-cache git
 COPY --from=krane-builder /build/krane /usr/local/bin/krane
 # Run as the same UID/GID as the main agent container (python user) so that
 # files written to the shared /skills volume are readable by the main container.
-RUN addgroup -g 1001 pythongroup && \
- adduser -u 1001 -G pythongroup -s /bin/sh -D python
+# Keep these defaults aligned with the canonical main agent image definition
+# (for example, python/Dockerfile) to avoid UID/GID drift across images.
+RUN addgroup -g ${PYTHON_GID} pythongroup && \
+ adduser -u ${PYTHON_UID} -G pythongroup -s /bin/sh -D python
-USER 1001:1001
+USER ${PYTHON_UID}:${PYTHON_GID}
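Review bot: The two `ARG` lines are declared above `RUN apk upgrade ...`, so every later RUN inherits them, and a build that overrides either value may also rebuild the package layer. Declaring them directly before the `addgroup` RUN keeps an override local to the step that uses it. The expansions in that RUN are unquoted, so an empty or malformed `--build-arg` only surfaces as an `addgroup`/`adduser` usage error; the usual form is `addgroup -g "${PYTHON_GID}" pythongroup` and `adduser -u "${PYTHON_UID}" ...`. Nothing in the build enforces the match with the main agent image, so the new comment should name the file that actually defines that UID/GID rather than "(for example, python/Dockerfile)".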