fix(codex): provision dummy user auth state

bot_bottle/backend/docker/provision/provider_auth.py

@@ -0,0 +1,43 @@
+"""Provision non-secret provider auth markers into a Docker bottle."""
+
+from __future__ import annotations
+
+import os
+import subprocess
+
+from ..bottle_plan import DockerBottlePlan
+
+
+def provision_provider_auth(plan: DockerBottlePlan, target: str) -> None:
+    """Copy a dummy Codex auth marker when host credentials are
+    forwarded through egress.
+
+    The file contains no real access or refresh token values; it only
+    nudges Codex into the same user/device auth branch as the host.
+    """
+    if not plan.codex_auth_file:
+        return
+    container_home = os.environ.get("BOT_BOTTLE_CONTAINER_HOME", "/home/node")
+    auth_dir = f"{container_home}/.codex"
+    auth_path = f"{auth_dir}/auth.json"
+
+    subprocess.run(
+        ["docker", "exec", "-u", "0", target, "mkdir", "-p", auth_dir],
+        stdout=subprocess.DEVNULL,
+        check=True,
+    )
+    subprocess.run(
+        ["docker", "cp", str(plan.codex_auth_file), f"{target}:{auth_path}"],
+        stdout=subprocess.DEVNULL,
+        check=True,
+    )
+    subprocess.run(
+        ["docker", "exec", "-u", "0", target, "chown", "node:node", auth_path],
+        stdout=subprocess.DEVNULL,
+        check=True,
+    )
+    subprocess.run(
+        ["docker", "exec", "-u", "0", target, "chmod", "600", auth_path],
+        stdout=subprocess.DEVNULL,
+        check=True,
+    )