From c03b5b80a135e703c0c7f1e4ec6ad902238f061e Mon Sep 17 00:00:00 2001
From: hsiegeln <37154749+hsiegeln@users.noreply.github.com>
Date: Tue, 28 Apr 2026 09:38:26 +0200
Subject: [PATCH] feat(runtime): redirect agent diagram output to tenant tmpfs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The cameleer agent extracts route diagrams at startup and writes them to ./cameleer-diagrams (default `cameleer.agent.diagram.outputdir`, documented in AGENT-REFERENCE.md §3). With CWD /app and the orchestrator's readonly rootfs, the directory create fails: RouteModelExtractor - Cameleer: Failed to create diagram output directory: ./cameleer-diagrams java.nio.file.FileSystemException: /app/./cameleer-diagrams: Read-only file system The agent has no "send-to-server-but-skip-disk" knob today (`diagram.enabled=false` would also disable the HTTP export), so the documented mechanism is the outputdir property. Set `CAMELEER_AGENT_DIAGRAM_OUTPUTDIR=/tmp/cameleer-diagrams` on tenant containers — /tmp is the per-container tmpfs (writable inside the hardening contract, ephemeral, vanishes with the container). The diagram feature continues to work via the HTTP POST to /api/v1/data/diagrams; the on-disk copy lands in ephemeral storage that doesn't persist.

Co-Authored-By: Claude Opus 4.7 (1M context)
---
 .../cameleer/server/app/runtime/DeploymentExecutor.java | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/cameleer-server-app/src/main/java/com/cameleer/server/app/runtime/DeploymentExecutor.java b/cameleer-server-app/src/main/java/com/cameleer/server/app/runtime/DeploymentExecutor.java
index 73e1ed19..0e881878 100644
--- a/cameleer-server-app/src/main/java/com/cameleer/server/app/runtime/DeploymentExecutor.java
+++ b/cameleer-server-app/src/main/java/com/cameleer/server/app/runtime/DeploymentExecutor.java
@@ -593,6 +593,14 @@ public class DeploymentExecutor {
 envVars.put("CAMELEER_AGENT_REPLAY_ENABLED", String.valueOf(config.replayEnabled()));
 envVars.put("CAMELEER_AGENT_HEALTH_ENABLED", "true");
 envVars.put("CAMELEER_AGENT_HEALTH_PORT", String.valueOf(agentHealthPort));
+ // Tenant rootfs is readonly; the agent's default ./cameleer-diagrams
+ // (resolved against CWD /app) hits "Read-only file system" at startup
+ // and the agent logs the error every restart. Redirect to the
+ // per-container tmpfs — diagrams continue to flow to the server via
+ // HTTP, the on-disk copy goes to ephemeral storage that vanishes with
+ // the container, and no persistent artifact is written to the host.
+ // See AGENT-REFERENCE.md §3 "Metrics & Diagrams" for the property.
+ envVars.put("CAMELEER_AGENT_DIAGRAM_OUTPUTDIR", "/tmp/cameleer-diagrams");
 if (bootstrapToken != null && !bootstrapToken.isBlank()) {
 envVars.put("CAMELEER_AGENT_AUTH_TOKEN", bootstrapToken);
 }
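Review bot: The literal `/tmp/cameleer-diagrams` on the added `envVars.put("CAMELEER_AGENT_DIAGRAM_OUTPUTDIR", ...)` line only works while the container's `/tmp` tmpfs mount, which is configured outside this hunk, stays at that path and stays writable; nothing here ties the two together. If the mount point is already a constant or config value elsewhere in the runtime code, derive the directory from it (for example `tmpfsMount + "/cameleer-diagrams"`, name illustrative) so a later hardening change cannot silently bring back the read-only failure. Because tmpfs is memory-backed, the on-disk diagram copies also count against whatever size or memory limit the orchestrator sets on that mount, so the comment could add `// tmpfs is memory-backed: diagram files count against the container's /tmp size limit`. It is not visible from this hunk whether tenant-supplied environment variables are merged into `envVars` before or after this line, so it is worth confirming which value is meant to win for this key; the enclosing method starts and ends outside the hunk.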