Two issues kept claude's TUI from drawing after launch:
1. smolvm pack remaps OCI-layer ownership to the host invoker's
uid (501 on macOS) instead of preserving the image's
USER node (uid 1000). /home/node ends up owned by some uid
that doesn't exist in the VM, so when claude runs as node it
can't appendFileSync to ~/.claude.json on startup — fails
with ENOENT and the TUI hangs. Fix: chown -R node:node
/home/node after machine_start, before provision.
2. smolvm machine_create -e sets env on PID 1 but it doesn't
propagate to fresh exec process trees (verified empirically:
`smolvm machine exec -- printenv` shows none of the
machine_create env vars). Claude was running with no
HTTPS_PROXY / CLAUDE_CODE_OAUTH_TOKEN / NODE_EXTRA_CA_CERTS,
so even the auth-validation step bailed silently. Fix:
thread `guest_env` through to the SmolmachinesBottle handle
and re-pass every entry via `-e K=V` on every machine_exec
call (interactive claude and shell exec both).
Also fills in the same `CLAUDE_CODE_OAUTH_TOKEN=egress-
placeholder` + telemetry-off env the docker backend's
forwarded_env carries, plus the NODE_EXTRA_CA_CERTS /
SSL_CERT_FILE / REQUESTS_CA_BUNDLE trust trio.
Verified end-to-end on Docker Desktop / macOS: claude's TUI
renders cleanly with the bypass-permissions banner.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
didericis-claude
91955ec59f