fix(docker): mount config/workspace for root runtime in compose #834

Closed
0xYiliu wants to merge 3 commits into sipeed:main from 0xYiliu:issue-651-fix
@0xYiliu (Contributor) commented Feb 26, 2026

📝 Description

  • Fixes compose volume mounts so containers can find config/workspace when runtime user resolves home to /root.
  • Keeps existing /home/picoclaw/.picoclaw/* mounts for compatibility and adds /root/.picoclaw/* mounts for prebuilt-image runtime behavior.

🗣️ Type of Change

  • 🐞 Bug fix (non-breaking change which fixes an issue)

🤖 AI Code Generation

  • 🤖 Fully AI-generated (100% AI, 0% Human)
  • 🛠️ Mostly AI-generated (AI draft, Human verified/modified)
  • 👨‍💻 Mostly Human-written (Human lead, AI assisted or none)

🔗 Related Issue

Fixes #651

☑️ Checklist

  • My code/docs follow the style of this project.
  • I have performed a self-review of my own changes.
  • I have updated the documentation accordingly.
  • I ran make check and it passed.

@yinwm (Collaborator) left a comment

This is a Workaround, Not a Proper Fix

The Problem

This PR addresses the symptom (mount paths don't match runtime home directory) but not the root cause (why does home resolve to /root instead of /home/picoclaw?).

Why This Approach Is Problematic

  1. Masks the real issue - The container is apparently running as root when it should run as picoclaw user
  2. Maintenance burden - Every path needs to be mounted twice
  3. Permission confusion - Files created in workspace may have wrong ownership
  4. Technical debt - Workarounds accumulate and make future debugging harder

Better Solutions

Option 1: Fix the Dockerfile to run as correct user

USER picoclaw
ENV HOME=/home/picoclaw

Option 2: Set HOME environment variable in compose

environment:
  - HOME=/home/picoclaw

Option 3: Fix in entrypoint script

#!/bin/bash
if [ "$(id -u)" = "0" ]; then
  export HOME=/home/picoclaw
fi
exec picoclaw "$@"

Recommendation

Please investigate why the container is resolving home to /root and fix it at the source. The root cause is likely one of:

  1. Missing USER picoclaw in Dockerfile
  2. Missing HOME environment variable
  3. Container being run with --user root override

This double-mount workaround should only be a last resort if there's a legitimate reason the container must run as root.

@0xYiliu (Contributor Author) commented Feb 28, 2026

Thanks for the review — agreed this should be fixed at source rather than with dual mounts.

I updated the PR with a root-cause fix:

  • Removed the /root/.picoclaw/* workaround mounts
  • Added HOME=/home/picoclaw in both picoclaw-agent and picoclaw-gateway compose services

This keeps a single canonical mount path while making runtime home resolution deterministic.

Validation:

  • docker compose config passes
  • make check passes locally

Could you please take another look?

@0xYiliu (Contributor Author) commented Feb 28, 2026

Update: I synced this branch with upstream/main and resolved the previous merge conflict.

Current diff is now minimal and source-focused:

  • add HOME=/home/picoclaw for both compose services in docker/docker-compose.yml

Validation:

  • local make check passed
  • CI rerun is in progress on this latest head

Thanks again for the review — please re-check when CI finishes.

@0xYiliu 0xYiliu requested a review from yinwm February 28, 2026 07:02
@0xYiliu 0xYiliu closed this Mar 2, 2026
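
The home-resolution mismatch raised in the review, and the HOME=/home/picoclaw fix that followed, as an added example that is not part of this PR or of the picoclaw project: a preflight check an entrypoint could run before starting the service. It assumes the runtime takes its home from $HOME, which is filled from the container user's passwd entry when nothing sets it explicitly; the function names, return codes, and the sample passwd file (including uid 1000 for picoclaw) are constructed for illustration.

```sh
#!/bin/sh
# Added example, not project code. Assumption: the runtime takes its home from
# $HOME, which is filled from the passwd entry of the container user when no
# ENV/compose value sets it explicitly.

EXPECTED_HOME="/home/picoclaw"   # parent of the .picoclaw mounts in the PR

# resolve_home UID HOME_VALUE PASSWD_FILE: print the home that would be used.
resolve_home() {
    if [ -n "$2" ]; then
        printf '%s\n' "$2"          # explicit HOME wins
        return 0
    fi
    # passwd fields: name:pw:uid:gid:gecos:home:shell
    awk -F: -v u="$1" '$3 == u { print $6; found = 1; exit }
                       END { exit !found }' "$3"
}

# preflight UID HOME_VALUE PASSWD_FILE
# returns 0 ok, 1 home/mount mismatch, 2 home ok but uid 0, 3 unresolvable
preflight() {
    resolved=$(resolve_home "$1" "$2" "$3") || {
        echo "uid $1: HOME unset and no passwd entry" >&2; return 3; }
    if [ "$resolved" != "$EXPECTED_HOME" ]; then
        echo "home is $resolved, config is mounted under $EXPECTED_HOME" >&2
        return 1
    fi
    if [ "$1" = 0 ]; then
        echo "home matches, but uid 0 will own files written to the mounts" >&2
        return 2
    fi
    return 0
}

# Constructed passwd file for the demo (uid 1000 for picoclaw is assumed).
make_sample_passwd() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
                  'picoclaw:x:1000:1000::/home/picoclaw:/bin/sh' > "$tmp"
    printf '%s\n' "$tmp"
}

pw=$(make_sample_passwd)
preflight 0 "" "$pw"               || echo "root, HOME unset: rc=$?"
preflight 0 /home/picoclaw "$pw"   || echo "root, HOME set:   rc=$?"
preflight 1000 "" "$pw"            && echo "picoclaw user:    rc=0"
rm -f "$pw"
```

Return code 1 corresponds to the failure reported in the linked issue (config mounted under one home, runtime looking under another); return code 2 separates "paths line up" from "process is still root", which is the ownership concern in the review.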
Development

Successfully merging this pull request may close these issues.

[BUG] Incorrect volume mount path for config.json in docker-compose.yml causes container to crash
