From 4b6dddc911bafe2ffac42abeae8dee4c4a9f7a2b Mon Sep 17 00:00:00 2001
From: skulidropek <66840575+skulidropek@users.noreply.github.com>
Date: Wed, 6 May 2026 20:32:32 +0000
Subject: [PATCH] fix(api): isolate docker runtime from host socket

---
 README.md                                     |   2 +-
 docker-compose.api.yml                        |  13 +-
 docker-compose.yml                            |  13 +-
 packages/api/Dockerfile                       |   4 +-
 packages/api/README.md                        |   9 +-
 packages/api/scripts/start-controller.sh      |  68 +++
 .../lib/core/templates-entrypoint/agent.ts    |   1 +
 .../src/lib/core/templates-entrypoint/base.ts |  15 +-
 .../src/lib/core/templates/docker-compose.ts  |   7 +-
 .../src/core/templates-entrypoint/agent.ts    |   1 +
 .../lib/src/core/templates-entrypoint/base.ts |  15 +-
 .../lib/src/core/templates/docker-compose.ts  |   7 +-
 packages/lib/src/shell/docker-compose.ts      | 135 +++++
 packages/lib/src/shell/docker-network.ts      |  86 +++
 packages/lib/src/shell/docker-runtime.ts      | 100 ++++
 packages/lib/src/shell/docker.ts              | 530 +-----------------
 packages/lib/src/usecases/projects-up.ts      |  11 +-
 packages/lib/tests/core/templates.test.ts     |  15 +
 .../lib/tests/shell/docker-access.test.ts     |  33 ++
 .../usecases/state-repo-auto-pull.test.ts     |   5 +-
 .../tests/usecases/state-repo-init.test.ts    |   5 +-
 scripts/e2e/_lib.sh                           | 252 ++++++++-
 scripts/e2e/clone-auto-open-ssh.sh            |  34 +-
 scripts/e2e/clone-cache.sh                    |  31 +-
 scripts/e2e/login-context.sh                  |  20 +-
 scripts/e2e/opencode-autoconnect.sh           |  35 +-
 scripts/e2e/runtime-volumes-ssh.sh            |  79 ++-
 27 files changed, 890 insertions(+), 636 deletions(-)
 create mode 100644 packages/api/scripts/start-controller.sh
 create mode 100644 packages/lib/src/shell/docker-compose.ts
 create mode 100644 packages/lib/src/shell/docker-network.ts
 create mode 100644 packages/lib/src/shell/docker-runtime.ts

diff --git a/README.md b/README.md
index 8fcce950..2de7b1ca 100644
--- a/README.md
+++ b/README.md
@@ -55,7 +55,7 @@ docker-git apply-all
 docker-git apply-all --active
 ```
 
-- `apply` применяет конфиг к одному проекту. `--no-up` только обновляет файлы без `docker compose up`. В текущем API-only host mode команда ещё недоступна.
+- `apply` применяет конфиг к одному проекту. `--no-up` только обновляет файлы без `docker compose up`.
 - `apply-all` применяет конфиг ко всем проектам. `--active` только к запущенным контейнерам.
 
 
diff --git a/docker-compose.api.yml b/docker-compose.api.yml
index fc916e02..bee3eb1b 100644
--- a/docker-compose.api.yml
+++ b/docker-compose.api.yml
@@ -8,6 +8,12 @@ services:
     container_name: ${DOCKER_GIT_API_CONTAINER_NAME:-docker-git-api}
     environment:
       DOCKER_GIT_API_PORT: ${DOCKER_GIT_API_PORT:-3334}
+      DOCKER_GIT_DOCKER_RUNTIME: ${DOCKER_GIT_DOCKER_RUNTIME:-isolated}
+      DOCKER_HOST: ${DOCKER_GIT_CONTROLLER_DOCKER_HOST:-unix:///var/run/docker.sock}
+      DOCKER_GIT_DOCKERD_TCP_HOST: ${DOCKER_GIT_DOCKERD_TCP_HOST:-tcp://0.0.0.0:2375}
+      DOCKER_GIT_DOCKERD_DEFAULT_CGROUPNS_MODE: ${DOCKER_GIT_DOCKERD_DEFAULT_CGROUPNS_MODE:-host}
+      DOCKER_GIT_PROJECT_DOCKER_HOST: ${DOCKER_GIT_PROJECT_DOCKER_HOST:-tcp://host.docker.internal:2375}
+      DOCKER_GIT_PROJECT_SSH_BIND_HOST: ${DOCKER_GIT_PROJECT_SSH_BIND_HOST:-0.0.0.0}
       DOCKER_GIT_PROJECTS_ROOT: ${DOCKER_GIT_PROJECTS_ROOT:-/home/dev/.docker-git}
       DOCKER_GIT_PROJECTS_ROOT_VOLUME: ${DOCKER_GIT_PROJECTS_ROOT_VOLUME:-docker-git-projects}
       DOCKER_GIT_FEDERATION_PUBLIC_ORIGIN: ${DOCKER_GIT_FEDERATION_PUBLIC_ORIGIN:-}
@@ -25,10 +31,15 @@ services:
       - 8.8.4.4
       - 1.1.1.1
     volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
       - docker_git_projects:${DOCKER_GIT_PROJECTS_ROOT:-/home/dev/.docker-git}
+      - docker_git_docker_data:/var/lib/docker
+    privileged: true
+    cgroup: host
+    init: true
     restart: unless-stopped
 
 volumes:
   docker_git_projects:
     name: ${DOCKER_GIT_PROJECTS_ROOT_VOLUME:-docker-git-projects}
+  docker_git_docker_data:
+    name: ${DOCKER_GIT_DOCKER_DATA_VOLUME:-docker-git-docker-data}
diff --git a/docker-compose.yml b/docker-compose.yml
index 49ea2c02..e955aff2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,6 +10,12 @@ services:
     environment:
       DOCKER_GIT_API_PORT: ${DOCKER_GIT_API_PORT:-3334}
       DOCKER_GIT_CONTROLLER_REV: ${DOCKER_GIT_CONTROLLER_REV:-unknown}
+      DOCKER_GIT_DOCKER_RUNTIME: ${DOCKER_GIT_DOCKER_RUNTIME:-isolated}
+      DOCKER_HOST: ${DOCKER_GIT_CONTROLLER_DOCKER_HOST:-unix:///var/run/docker.sock}
+      DOCKER_GIT_DOCKERD_TCP_HOST: ${DOCKER_GIT_DOCKERD_TCP_HOST:-tcp://0.0.0.0:2375}
+      DOCKER_GIT_DOCKERD_DEFAULT_CGROUPNS_MODE: ${DOCKER_GIT_DOCKERD_DEFAULT_CGROUPNS_MODE:-host}
+      DOCKER_GIT_PROJECT_DOCKER_HOST: ${DOCKER_GIT_PROJECT_DOCKER_HOST:-tcp://host.docker.internal:2375}
+      DOCKER_GIT_PROJECT_SSH_BIND_HOST: ${DOCKER_GIT_PROJECT_SSH_BIND_HOST:-0.0.0.0}
       DOCKER_GIT_PROJECTS_ROOT: ${DOCKER_GIT_PROJECTS_ROOT:-/home/dev/.docker-git}
       DOCKER_GIT_PROJECTS_ROOT_VOLUME: ${DOCKER_GIT_PROJECTS_ROOT_VOLUME:-docker-git-projects}
       DOCKER_GIT_FEDERATION_PUBLIC_ORIGIN: ${DOCKER_GIT_FEDERATION_PUBLIC_ORIGIN:-}
@@ -27,10 +33,15 @@ services:
       - 8.8.4.4
       - 1.1.1.1
     volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
       - docker_git_projects:${DOCKER_GIT_PROJECTS_ROOT:-/home/dev/.docker-git}
+      - docker_git_docker_data:/var/lib/docker
+    privileged: true
+    cgroup: host
+    init: true
     restart: unless-stopped
 
 volumes:
   docker_git_projects:
     name: ${DOCKER_GIT_PROJECTS_ROOT_VOLUME:-docker-git-projects}
+  docker_git_docker_data:
+    name: ${DOCKER_GIT_DOCKER_DATA_VOLUME:-docker-git-docker-data}
diff --git a/packages/api/Dockerfile b/packages/api/Dockerfile
index 5637365f..296348f3 100644
--- a/packages/api/Dockerfile
+++ b/packages/api/Dockerfile
@@ -59,6 +59,8 @@ RUN bun run --cwd packages/lib build
 RUN bun run --cwd packages/api build
 
 ENV DOCKER_GIT_API_PORT=3334
+ENV DOCKER_GIT_DOCKER_RUNTIME=isolated
+ENV DOCKER_HOST=unix:///var/run/docker.sock
 EXPOSE 3334
 
-CMD ["bun", "packages/api/dist/src/main.js"]
+CMD ["bash", "packages/api/scripts/start-controller.sh"]
diff --git a/packages/api/README.md b/packages/api/README.md
index c40f5092..08b35973 100644
--- a/packages/api/README.md
+++ b/packages/api/README.md
@@ -5,8 +5,9 @@ HTTP API for docker-git orchestration (projects, agents, logs/events, federation
 This is now the intended controller plane:
 - the API runs inside `docker-git-api`
 - `.docker-git` state lives in the Docker volume `docker-git-projects`
-- the API talks to Docker through `/var/run/docker.sock`
+- the API starts an isolated Docker daemon inside the controller by default
 - child project containers no longer depend on host bind mounts for bootstrap auth/env
+- the host `/var/run/docker.sock` is not mounted into the controller or project containers
 
 ## UI wrapper
 
@@ -41,6 +42,12 @@ Optional env:
 
 - `DOCKER_GIT_API_BIND_HOST` (default: `127.0.0.1`)
 - `DOCKER_GIT_API_PORT` (default: `3334`)
+- `DOCKER_GIT_DOCKER_RUNTIME` (default: `isolated`; starts a managed Docker daemon in `docker-git-api`)
+- `DOCKER_GIT_CONTROLLER_DOCKER_HOST` (default: `unix:///var/run/docker.sock`; socket path inside the controller)
+- `DOCKER_GIT_DOCKERD_TCP_HOST` (default: `tcp://0.0.0.0:2375`; reachable only inside Docker networks unless explicitly published)
+- `DOCKER_GIT_DOCKERD_DEFAULT_CGROUPNS_MODE` (default: `host`; keeps nested project containers compatible with cgroup v2 DinD)
+- `DOCKER_GIT_PROJECT_DOCKER_HOST` (default: `tcp://host.docker.internal:2375`; lets project containers use the isolated daemon)
+- `DOCKER_GIT_PROJECT_SSH_BIND_HOST` (default: `0.0.0.0` in controller mode; project SSH binds inside the isolated controller runtime)
 - `DOCKER_GIT_PROJECTS_ROOT` (container path, default: `/home/dev/.docker-git`)
 - `DOCKER_GIT_PROJECTS_ROOT_VOLUME` (Docker volume name for controller state, default: `docker-git-projects`)
 - `DOCKER_GIT_FEDERATION_PUBLIC_ORIGIN` (optional public ActivityPub origin)
diff --git a/packages/api/scripts/start-controller.sh b/packages/api/scripts/start-controller.sh
new file mode 100644
index 00000000..5e2b2884
--- /dev/null
+++ b/packages/api/scripts/start-controller.sh
@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+runtime="${DOCKER_GIT_DOCKER_RUNTIME:-isolated}"
+docker_host="${DOCKER_HOST:-unix:///var/run/docker.sock}"
+dockerd_pid=""
+
+cleanup() {
+  if [[ -n "$dockerd_pid" ]] && kill -0 "$dockerd_pid" >/dev/null 2>&1; then
+    kill "$dockerd_pid" >/dev/null 2>&1 || true
+    wait "$dockerd_pid" >/dev/null 2>&1 || true
+  fi
+}
+
+trap cleanup EXIT INT TERM
+
+if [[ "$runtime" == "isolated" ]]; then
+  if [[ "$docker_host" != unix://* ]]; then
+    echo "DOCKER_GIT_DOCKER_RUNTIME=isolated requires a unix:// DOCKER_HOST for the managed controller daemon." >&2
+    exit 1
+  fi
+
+  export DOCKER_HOST="$docker_host"
+
+  socket_path="${docker_host#unix://}"
+  data_root="${DOCKER_GIT_DOCKER_DATA_ROOT:-/var/lib/docker}"
+  log_path="${DOCKER_GIT_DOCKERD_LOG:-/var/log/docker-git/dockerd.log}"
+  tcp_host="${DOCKER_GIT_DOCKERD_TCP_HOST:-tcp://0.0.0.0:2375}"
+  default_cgroupns_mode="${DOCKER_GIT_DOCKERD_DEFAULT_CGROUPNS_MODE:-host}"
+
+  mkdir -p "$(dirname "$socket_path")" "$data_root" "$(dirname "$log_path")"
+
+  if ! docker info >/dev/null 2>&1; then
+    # shellcheck disable=SC2086
+    dockerd \
+      --host="$docker_host" \
+      --host="$tcp_host" \
+      --tls=false \
+      --data-root="$data_root" \
+      --exec-opt native.cgroupdriver=cgroupfs \
+      --default-cgroupns-mode="$default_cgroupns_mode" \
+      ${DOCKER_GIT_DOCKERD_ARGS:-} \
+      >"$log_path" 2>&1 &
+    dockerd_pid="$!"
+
+    for _ in $(seq 1 90); do
+      if docker info >/dev/null 2>&1; then
+        break
+      fi
+      if ! kill -0 "$dockerd_pid" >/dev/null 2>&1; then
+        echo "Managed Docker daemon exited during startup." >&2
+        tail -n 200 "$log_path" >&2 || true
+        exit 1
+      fi
+      sleep 1
+    done
+
+    if ! docker info >/dev/null 2>&1; then
+      echo "Managed Docker daemon did not become ready in time." >&2
+      tail -n 200 "$log_path" >&2 || true
+      exit 1
+    fi
+  fi
+fi
+
+bun packages/api/dist/src/main.js &
+api_pid="$!"
+wait "$api_pid"
diff --git a/packages/app/src/lib/core/templates-entrypoint/agent.ts b/packages/app/src/lib/core/templates-entrypoint/agent.ts
index 6a35f4ca..d7517f3f 100644
--- a/packages/app/src/lib/core/templates-entrypoint/agent.ts
+++ b/packages/app/src/lib/core/templates-entrypoint/agent.ts
@@ -37,6 +37,7 @@ rm -f "$AGENT_DONE_PATH" "$AGENT_FAIL_PATH" "$AGENT_PROMPT_FILE"`,
     String.raw`# Collect tokens for agent environment (su - dev does not always inherit profile.d)
 AGENT_ENV_FILE="/run/docker-git/agent-env.sh"
 {
+  [[ -f /etc/profile.d/docker-host.sh ]] && cat /etc/profile.d/docker-host.sh
   [[ -f /etc/profile.d/gh-token.sh ]] && cat /etc/profile.d/gh-token.sh
   [[ -f /etc/profile.d/claude-config.sh ]] && cat /etc/profile.d/claude-config.sh
   [[ -f /etc/profile.d/gemini-config.sh ]] && cat /etc/profile.d/gemini-config.sh
diff --git a/packages/app/src/lib/core/templates-entrypoint/base.ts b/packages/app/src/lib/core/templates-entrypoint/base.ts
index 9709a551..3e7d6f17 100644
--- a/packages/app/src/lib/core/templates-entrypoint/base.ts
+++ b/packages/app/src/lib/core/templates-entrypoint/base.ts
@@ -91,8 +91,16 @@ fi
 chown -R 1000:1000 /home/${config.sshUser}/.ssh`
 
 export const renderEntrypointDockerSocket = (config: TemplateConfig): string =>
-  `# Ensure docker socket access for ${config.sshUser}
-if [[ -S /var/run/docker.sock ]]; then
+  `# Ensure Docker CLI targets only the explicitly configured daemon.
+if [[ -n "\${DOCKER_GIT_PROJECT_DOCKER_HOST:-}" && -z "\${DOCKER_HOST:-}" ]]; then
+  DOCKER_HOST="$DOCKER_GIT_PROJECT_DOCKER_HOST"
+  export DOCKER_HOST
+fi
+
+if [[ -n "\${DOCKER_HOST:-}" ]]; then
+  printf "export DOCKER_HOST=%q\\n" "$DOCKER_HOST" > /etc/profile.d/docker-host.sh
+  docker_git_upsert_ssh_env "DOCKER_HOST" "$DOCKER_HOST"
+elif [[ -S /var/run/docker.sock ]]; then
   DOCKER_SOCK_GID="$(stat -c "%g" /var/run/docker.sock)"
   DOCKER_GROUP="$(getent group "$DOCKER_SOCK_GID" | cut -d: -f1 || true)"
   if [[ -z "$DOCKER_GROUP" ]]; then
@@ -100,7 +108,8 @@ if [[ -S /var/run/docker.sock ]]; then
     groupadd -g "$DOCKER_SOCK_GID" "$DOCKER_GROUP" || true
   fi
   usermod -aG "$DOCKER_GROUP" ${config.sshUser} || true
-  printf "export DOCKER_HOST=unix:///var/run/docker.sock\n" > /etc/profile.d/docker-host.sh
+  printf "export DOCKER_HOST=unix:///var/run/docker.sock\\n" > /etc/profile.d/docker-host.sh
+  docker_git_upsert_ssh_env "DOCKER_HOST" "unix:///var/run/docker.sock"
 fi`
 
 export const renderEntrypointZshShell = (config: TemplateConfig): string =>
diff --git a/packages/app/src/lib/core/templates/docker-compose.ts b/packages/app/src/lib/core/templates/docker-compose.ts
index 5714c42d..737fa909 100644
--- a/packages/app/src/lib/core/templates/docker-compose.ts
+++ b/packages/app/src/lib/core/templates/docker-compose.ts
@@ -164,17 +164,20 @@ ${fragments.maybeGithubAuthSkipEnv}      # Optional anonymous public GitHub clon
 ${fragments.maybeGitTokenLabelEnv}      # Optional token label selector (maps to GITHUB_TOKEN__<LABEL>/GIT_AUTH_TOKEN__<LABEL>)
 ${fragments.maybeCodexAuthLabelEnv}      # Optional Codex account label selector (maps to CODEX_AUTH_LABEL)
 ${fragments.maybeClaudeAuthLabelEnv}${fragments.maybeAgentModeEnv}${fragments.maybeAgentAutoEnv}      # Optional Claude account label selector (maps to CLAUDE_AUTH_LABEL)
+      # Optional isolated Docker daemon endpoint injected by the API controller.
+      DOCKER_GIT_PROJECT_DOCKER_HOST: "\${DOCKER_GIT_PROJECT_DOCKER_HOST:-}"
       TARGET_DIR: "${config.targetDir}"
       CODEX_HOME: "${config.codexHome}"
 ${fragments.maybePlaywrightEnv}${fragments.maybeDependsOn}    # bootstrap auth/env arrives through docker_git_bootstrap
     ports:
-      - "127.0.0.1:${config.sshPort}:22"
+      - "\${DOCKER_GIT_PROJECT_SSH_BIND_HOST:-127.0.0.1}:${config.sshPort}:22"
 ${renderResourceLimits(resourceLimits)}    volumes:
       - ${config.volumeName}:/home/${config.sshUser}
       - ${sharedCacheVolumeKey}:/home/${config.sshUser}/.docker-git/.cache
       - ${sharedCodexVolumeKey}:${config.codexHome}-shared
 ${fragments.maybeBootstrapMounts}
-      - /var/run/docker.sock:/var/run/docker.sock
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
     dns:
       - 8.8.8.8
       - 8.8.4.4
diff --git a/packages/lib/src/core/templates-entrypoint/agent.ts b/packages/lib/src/core/templates-entrypoint/agent.ts
index 5529dd24..3a02b478 100644
--- a/packages/lib/src/core/templates-entrypoint/agent.ts
+++ b/packages/lib/src/core/templates-entrypoint/agent.ts
@@ -36,6 +36,7 @@ rm -f "$AGENT_DONE_PATH" "$AGENT_FAIL_PATH" "$AGENT_PROMPT_FILE"`,
     String.raw`# Collect tokens for agent environment (su - dev does not always inherit profile.d)
 AGENT_ENV_FILE="/run/docker-git/agent-env.sh"
 {
+  [[ -f /etc/profile.d/docker-host.sh ]] && cat /etc/profile.d/docker-host.sh
   [[ -f /etc/profile.d/gh-token.sh ]] && cat /etc/profile.d/gh-token.sh
   [[ -f /etc/profile.d/claude-config.sh ]] && cat /etc/profile.d/claude-config.sh
   [[ -f /etc/profile.d/gemini-config.sh ]] && cat /etc/profile.d/gemini-config.sh
diff --git a/packages/lib/src/core/templates-entrypoint/base.ts b/packages/lib/src/core/templates-entrypoint/base.ts
index 2590c194..08bcea0e 100644
--- a/packages/lib/src/core/templates-entrypoint/base.ts
+++ b/packages/lib/src/core/templates-entrypoint/base.ts
@@ -90,8 +90,16 @@ fi
 chown -R 1000:1000 /home/${config.sshUser}/.ssh`
 
 export const renderEntrypointDockerSocket = (config: TemplateConfig): string =>
-  `# Ensure docker socket access for ${config.sshUser}
-if [[ -S /var/run/docker.sock ]]; then
+  `# Ensure Docker CLI targets only the explicitly configured daemon.
+if [[ -n "\${DOCKER_GIT_PROJECT_DOCKER_HOST:-}" && -z "\${DOCKER_HOST:-}" ]]; then
+  DOCKER_HOST="$DOCKER_GIT_PROJECT_DOCKER_HOST"
+  export DOCKER_HOST
+fi
+
+if [[ -n "\${DOCKER_HOST:-}" ]]; then
+  printf "export DOCKER_HOST=%q\\n" "$DOCKER_HOST" > /etc/profile.d/docker-host.sh
+  docker_git_upsert_ssh_env "DOCKER_HOST" "$DOCKER_HOST"
+elif [[ -S /var/run/docker.sock ]]; then
   DOCKER_SOCK_GID="$(stat -c "%g" /var/run/docker.sock)"
   DOCKER_GROUP="$(getent group "$DOCKER_SOCK_GID" | cut -d: -f1 || true)"
   if [[ -z "$DOCKER_GROUP" ]]; then
@@ -99,7 +107,8 @@ if [[ -S /var/run/docker.sock ]]; then
     groupadd -g "$DOCKER_SOCK_GID" "$DOCKER_GROUP" || true
   fi
   usermod -aG "$DOCKER_GROUP" ${config.sshUser} || true
-  printf "export DOCKER_HOST=unix:///var/run/docker.sock\n" > /etc/profile.d/docker-host.sh
+  printf "export DOCKER_HOST=unix:///var/run/docker.sock\\n" > /etc/profile.d/docker-host.sh
+  docker_git_upsert_ssh_env "DOCKER_HOST" "unix:///var/run/docker.sock"
 fi`
 
 export const renderEntrypointZshShell = (config: TemplateConfig): string =>
diff --git a/packages/lib/src/core/templates/docker-compose.ts b/packages/lib/src/core/templates/docker-compose.ts
index 6d8acb1d..990b28f7 100644
--- a/packages/lib/src/core/templates/docker-compose.ts
+++ b/packages/lib/src/core/templates/docker-compose.ts
@@ -163,17 +163,20 @@ ${fragments.maybeGithubAuthSkipEnv}      # Optional anonymous public GitHub clon
 ${fragments.maybeGitTokenLabelEnv}      # Optional token label selector (maps to GITHUB_TOKEN__<LABEL>/GIT_AUTH_TOKEN__<LABEL>)
 ${fragments.maybeCodexAuthLabelEnv}      # Optional Codex account label selector (maps to CODEX_AUTH_LABEL)
 ${fragments.maybeClaudeAuthLabelEnv}${fragments.maybeAgentModeEnv}${fragments.maybeAgentAutoEnv}      # Optional Claude account label selector (maps to CLAUDE_AUTH_LABEL)
+      # Optional isolated Docker daemon endpoint injected by the API controller.
+      DOCKER_GIT_PROJECT_DOCKER_HOST: "\${DOCKER_GIT_PROJECT_DOCKER_HOST:-}"
       TARGET_DIR: "${config.targetDir}"
       CODEX_HOME: "${config.codexHome}"
 ${fragments.maybePlaywrightEnv}${fragments.maybeDependsOn}    # bootstrap auth/env arrives through docker_git_bootstrap
     ports:
-      - "127.0.0.1:${config.sshPort}:22"
+      - "\${DOCKER_GIT_PROJECT_SSH_BIND_HOST:-127.0.0.1}:${config.sshPort}:22"
 ${renderResourceLimits(resourceLimits)}    volumes:
       - ${config.volumeName}:/home/${config.sshUser}
       - ${sharedCacheVolumeKey}:/home/${config.sshUser}/.docker-git/.cache
       - ${sharedCodexVolumeKey}:${config.codexHome}-shared
 ${fragments.maybeBootstrapMounts}
-      - /var/run/docker.sock:/var/run/docker.sock
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
     dns:
       - 8.8.8.8
       - 8.8.4.4
diff --git a/packages/lib/src/shell/docker-compose.ts b/packages/lib/src/shell/docker-compose.ts
new file mode 100644
index 00000000..4c60c6f5
--- /dev/null
+++ b/packages/lib/src/shell/docker-compose.ts
@@ -0,0 +1,135 @@
+import { ExitCode } from "@effect/platform/CommandExecutor"
+import type * as CommandExecutor from "@effect/platform/CommandExecutor"
+import type { PlatformError } from "@effect/platform/Error"
+import { Duration, Effect, pipe, Schedule } from "effect"
+
+import { runCommandCapture, runCommandWithStreamingOutput } from "./command-runner.js"
+import { composeSpec, resolveDockerComposeEnv } from "./docker-compose-env.js"
+import { DockerCommandError } from "./errors.js"
+
+const buildComposeCommand = (
+  cwd: string,
+  args: ReadonlyArray<string>,
+  env: Readonly<Record<string, string>>
+) => ({
+  ...composeSpec(cwd, args),
+  ...(Object.keys(env).length > 0 ? { env } : {})
+})
+
+const runCompose = (
+  cwd: string,
+  args: ReadonlyArray<string>,
+  okExitCodes: ReadonlyArray<number>
+): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
+  Effect.gen(function*(_) {
+    const env = yield* _(resolveDockerComposeEnv(cwd))
+    yield* _(
+      runCommandWithStreamingOutput(
+        buildComposeCommand(cwd, args, env),
+        okExitCodes,
+        (exitCode, output) => new DockerCommandError({ exitCode, ...(output.length > 0 ? { details: output } : {}) })
+      )
+    )
+  })
+
+const runComposeCapture = (
+  cwd: string,
+  args: ReadonlyArray<string>,
+  okExitCodes: ReadonlyArray<number>
+): Effect.Effect<string, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
+  Effect.gen(function*(_) {
+    const env = yield* _(resolveDockerComposeEnv(cwd))
+    return yield* _(
+      runCommandCapture(
+        buildComposeCommand(cwd, args, env),
+        okExitCodes,
+        (exitCode) => new DockerCommandError({ exitCode })
+      )
+    )
+  })
+
+const dockerComposeUpRetrySchedule = Schedule.addDelay(
+  Schedule.recurs(2),
+  () => Duration.seconds(2)
+)
+
+const retryDockerComposeUp = (
+  cwd: string,
+  effect: Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor>
+): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
+  effect.pipe(
+    Effect.tapError(() =>
+      Effect.logWarning(
+        `docker compose up failed in ${cwd}; retrying (possible transient Docker Hub/DNS issue)...`
+      )
+    ),
+    Effect.retry(dockerComposeUpRetrySchedule)
+  )
+
+export type DockerComposeUpBuildMode = "build" | "reuse"
+
+const dockerComposeUpArgs = (
+  buildMode: DockerComposeUpBuildMode
+): ReadonlyArray<string> => buildMode === "reuse" ? ["up", "-d"] : ["up", "-d", "--build"]
+
+export const runDockerComposeUp = (
+  cwd: string,
+  options: {
+    readonly buildMode?: DockerComposeUpBuildMode
+  } = {}
+): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
+  retryDockerComposeUp(
+    cwd,
+    runCompose(cwd, dockerComposeUpArgs(options.buildMode ?? "build"), [Number(ExitCode(0))])
+  )
+
+export const dockerComposeUpRecreateArgs: ReadonlyArray<string> = [
+  "up",
+  "-d",
+  "--build",
+  "--force-recreate"
+]
+
+export const runDockerComposeUpRecreate = (
+  cwd: string
+): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
+  retryDockerComposeUp(cwd, runCompose(cwd, dockerComposeUpRecreateArgs, [Number(ExitCode(0))]))
+
+export const runDockerComposeDown = (
+  cwd: string
+): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
+  runCompose(cwd, ["down"], [Number(ExitCode(0))])
+
+export const runDockerComposeDownVolumes = (
+  cwd: string
+): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
+  runCompose(cwd, ["down", "-v", "--remove-orphans"], [Number(ExitCode(0))])
+
+export const runDockerComposeRecreate = (
+  cwd: string
+): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
+  pipe(runDockerComposeDown(cwd), Effect.zipRight(runDockerComposeUp(cwd)))
+
+export const runDockerComposePs = (
+  cwd: string
+): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
+  runCompose(cwd, ["ps"], [Number(ExitCode(0))])
+
+export const runDockerComposePsFormatted = (
+  cwd: string
+): Effect.Effect<string, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
+  runComposeCapture(
+    cwd,
+    ["ps", "--format", "{{.Name}}\t{{.Status}}\t{{.Ports}}\t{{.Image}}"],
+    [Number(ExitCode(0))]
+  )
+
+export const runDockerComposeLogs = (
+  cwd: string
+): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
+  runCompose(cwd, ["logs", "--tail", "200"], [Number(ExitCode(0)), 130])
+
+export const runDockerComposeLogsFollow = (
+  cwd: string
+): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
+  runCompose(cwd, ["logs", "--follow", "--tail", "0"], [Number(ExitCode(0)), 130])
diff --git a/packages/lib/src/shell/docker-network.ts b/packages/lib/src/shell/docker-network.ts
new file mode 100644
index 00000000..bf370004
--- /dev/null
+++ b/packages/lib/src/shell/docker-network.ts
@@ -0,0 +1,86 @@
+import { ExitCode } from "@effect/platform/CommandExecutor"
+import type * as CommandExecutor from "@effect/platform/CommandExecutor"
+import type { PlatformError } from "@effect/platform/Error"
+import { Effect } from "effect"
+
+import { runCommandCapture, runCommandExitCode, runCommandWithExitCodes } from "./command-runner.js"
+import { DockerCommandError } from "./errors.js"
+
+const dockerSuccessExitCodes = [Number(ExitCode(0))]
+
+const createDockerNetworkError = (exitCode: number): DockerCommandError => new DockerCommandError({ exitCode })
+
+const buildDockerNetworkCommand = (
+  cwd: string,
+  args: ReadonlyArray<string>
+): { readonly cwd: string; readonly command: string; readonly args: ReadonlyArray<string> } => ({
+  cwd,
+  command: "docker",
+  args
+})
+
+const runDockerNetworkCommand = (
+  cwd: string,
+  args: ReadonlyArray<string>
+): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
+  runCommandWithExitCodes(
+    buildDockerNetworkCommand(cwd, args),
+    dockerSuccessExitCodes,
+    createDockerNetworkError
+  )
+
+const runDockerNetworkCapture = (
+  cwd: string,
+  args: ReadonlyArray<string>
+): Effect.Effect<string, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
+  runCommandCapture(
+    buildDockerNetworkCommand(cwd, args),
+    dockerSuccessExitCodes,
+    createDockerNetworkError
+  )
+
+export const runDockerNetworkConnectBridge = (
+  cwd: string,
+  containerName: string
+): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
+  runDockerNetworkCapture(cwd, ["network", "connect", "bridge", containerName]).pipe(Effect.asVoid)
+
+export const runDockerNetworkExists = (
+  cwd: string,
+  networkName: string
+): Effect.Effect<boolean, PlatformError, CommandExecutor.CommandExecutor> =>
+  runCommandExitCode({
+    cwd,
+    command: "docker",
+    args: ["network", "inspect", networkName]
+  }).pipe(Effect.map((exitCode) => exitCode === 0))
+
+export const runDockerNetworkCreateBridge = (
+  cwd: string,
+  networkName: string
+): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
+  runDockerNetworkCommand(cwd, ["network", "create", "--driver", "bridge", networkName])
+
+export const runDockerNetworkCreateBridgeWithSubnet = (
+  cwd: string,
+  networkName: string,
+  subnet: string
+): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
+  runDockerNetworkCommand(cwd, ["network", "create", "--driver", "bridge", "--subnet", subnet, networkName])
+
+export const runDockerNetworkContainerCount = (
+  cwd: string,
+  networkName: string
+): Effect.Effect<number, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
+  runDockerNetworkCapture(cwd, ["network", "inspect", "-f", "{{len .Containers}}", networkName]).pipe(
+    Effect.map((output) => {
+      const parsed = Number.parseInt(output.trim(), 10)
+      return Number.isNaN(parsed) ? 0 : parsed
+    })
+  )
+
+export const runDockerNetworkRemove = (
+  cwd: string,
+  networkName: string
+): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
+  runDockerNetworkCommand(cwd, ["network", "rm", networkName])
diff --git a/packages/lib/src/shell/docker-runtime.ts b/packages/lib/src/shell/docker-runtime.ts
new file mode 100644
index 00000000..b644ebca
--- /dev/null
+++ b/packages/lib/src/shell/docker-runtime.ts
@@ -0,0 +1,100 @@
+import * as Command from "@effect/platform/Command"
+import { ExitCode } from "@effect/platform/CommandExecutor"
+import type * as CommandExecutor from "@effect/platform/CommandExecutor"
+import type { PlatformError } from "@effect/platform/Error"
+import { Effect, pipe } from "effect"
+
+import { runCommandCapture } from "./command-runner.js"
+import { parseInspectNetworkEntry } from "./docker-inspect-parse.js"
+import { CommandFailedError, DockerCommandError } from "./errors.js"
+
+type DockerInspectReader<A> = (
+  cwd: string,
+  containerName: string
+) => Effect.Effect<A, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor>
+
+const createDockerInspectReader = <A>(
+  format: string,
+  parse: (output: string) => A
+): DockerInspectReader<A> =>
+(cwd, containerName) =>
+  pipe(
+    runDockerInspectValue(cwd, containerName, format),
+    Effect.map((output) => parse(output))
+  )
+
+const runDockerInspectValue = (
+  cwd: string,
+  containerName: string,
+  format: string
+): Effect.Effect<string, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
+  runCommandCapture(
+    {
+      cwd,
+      command: "docker",
+      args: ["inspect", "-f", format, containerName]
+    },
+    [Number(ExitCode(0))],
+    (exitCode) => new DockerCommandError({ exitCode })
+  )
+
+export const runDockerExecExitCode = (
+  cwd: string,
+  containerName: string,
+  args: ReadonlyArray<string>
+): Effect.Effect<number, PlatformError, CommandExecutor.CommandExecutor> =>
+  Effect.gen(function*(_) {
+    const command = pipe(
+      Command.make("docker", "exec", containerName, ...args),
+      Command.workingDirectory(cwd),
+      Command.stdout("pipe"),
+      Command.stderr("pipe")
+    )
+    const exitCode = yield* _(Command.exitCode(command))
+    return Number(exitCode)
+  })
+
+export const runDockerInspectContainerIp = createDockerInspectReader(
+  String.raw`{{range $k,$v := .NetworkSettings.Networks}}{{printf "%s=%s\n" $k $v.IPAddress}}{{end}}`,
+  (output) => {
+    const lines = output
+      .trim()
+      .split(/\r?\n/)
+      .map((line) => line.trim())
+      .filter((line) => line.length > 0)
+
+    const entries = lines.flatMap((line) => parseInspectNetworkEntry(line))
+    if (entries.length === 0) {
+      return ""
+    }
+
+    const entryMap = new Map(entries)
+    return entryMap.get("bridge") ?? entries[0]![1]
+  }
+)
+
+export const runDockerInspectContainerBridgeIp = createDockerInspectReader(
+  "{{with (index .NetworkSettings.Networks \"bridge\")}}{{.IPAddress}}{{end}}",
+  (output) => output.trim()
+)
+
+export const runDockerPsNames = (
+  cwd: string
+): Effect.Effect<ReadonlyArray<string>, CommandFailedError | PlatformError, CommandExecutor.CommandExecutor> =>
+  pipe(
+    runCommandCapture(
+      {
+        cwd,
+        command: "docker",
+        args: ["ps", "--format", "{{.Names}}"]
+      },
+      [Number(ExitCode(0))],
+      (exitCode) => new CommandFailedError({ command: "docker ps", exitCode })
+    ),
+    Effect.map((output) =>
+      output
+        .split(/\r?\n/)
+        .map((line) => line.trim())
+        .filter((line) => line.length > 0)
+    )
+  )
diff --git a/packages/lib/src/shell/docker.ts b/packages/lib/src/shell/docker.ts
index b28fe502..f75a89cc 100644
--- a/packages/lib/src/shell/docker.ts
+++ b/packages/lib/src/shell/docker.ts
@@ -1,529 +1,5 @@
-import * as Command from "@effect/platform/Command"
-import type * as CommandExecutor from "@effect/platform/CommandExecutor"
-import { ExitCode } from "@effect/platform/CommandExecutor"
-import type { PlatformError } from "@effect/platform/Error"
-import { Duration, Effect, pipe, Schedule } from "effect"
-
-import {
-  runCommandCapture,
-  runCommandExitCode,
-  runCommandWithExitCodes,
-  runCommandWithStreamingOutput
-} from "./command-runner.js"
-import { composeSpec, resolveDockerComposeEnv } from "./docker-compose-env.js"
-import { parseInspectNetworkEntry } from "./docker-inspect-parse.js"
-import { CommandFailedError, DockerCommandError } from "./errors.js"
-
+export * from "./docker-compose.js"
 export { classifyDockerAccessIssue, ensureDockerDaemonAccess } from "./docker-daemon-access.js"
+export * from "./docker-network.js"
 export { parseDockerPublishedHostPorts, runDockerPsPublishedHostPorts } from "./docker-published-ports.js"
-
-const runCompose = (
-  cwd: string,
-  args: ReadonlyArray<string>,
-  okExitCodes: ReadonlyArray<number>
-): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
-  Effect.gen(function*(_) {
-    const env = yield* _(resolveDockerComposeEnv(cwd))
-    yield* _(
-      runCommandWithStreamingOutput(
-        {
-          ...composeSpec(cwd, args),
-          ...(Object.keys(env).length > 0 ? { env } : {})
-        },
-        okExitCodes,
-        (exitCode, output) => new DockerCommandError({ exitCode, ...(output.length > 0 ? { details: output } : {}) })
-      )
-    )
-  })
-
-const runComposeCapture = (
-  cwd: string,
-  args: ReadonlyArray<string>,
-  okExitCodes: ReadonlyArray<number>
-): Effect.Effect<string, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
-  Effect.gen(function*(_) {
-    const env = yield* _(resolveDockerComposeEnv(cwd))
-    return yield* _(
-      runCommandCapture(
-        {
-          ...composeSpec(cwd, args),
-          ...(Object.keys(env).length > 0 ? { env } : {})
-        },
-        okExitCodes,
-        (exitCode) => new DockerCommandError({ exitCode })
-      )
-    )
-  })
-
-const dockerComposeUpRetrySchedule = Schedule.addDelay(
-  Schedule.recurs(2),
-  () => Duration.seconds(2)
-)
-
-const retryDockerComposeUp = (
-  cwd: string,
-  effect: Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor>
-): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
-  effect.pipe(
-    Effect.tapError(() =>
-      Effect.logWarning(
-        `docker compose up failed in ${cwd}; retrying (possible transient Docker Hub/DNS issue)...`
-      )
-    ),
-    Effect.retry(dockerComposeUpRetrySchedule)
-  )
-
-export type DockerComposeUpBuildMode = "build" | "reuse"
-
-const dockerComposeUpArgs = (
-  buildMode: DockerComposeUpBuildMode
-): ReadonlyArray<string> =>
-  buildMode === "reuse" ? ["up", "-d"] : ["up", "-d", "--build"]
-
-// CHANGE: run docker compose up -d --build in the target directory
-// WHY: provide a controlled shell effect for image creation
-// QUOTE(ТЗ): "создавать докер образы"
-// REF: user-request-2026-01-07
-// SOURCE: n/a
-// FORMAT THEOREM: forall dir: exitCode(cmd(dir)) = 0 -> image_built(dir)
-// PURITY: SHELL
-// EFFECT: Effect<void, DockerCommandError | PlatformError, CommandExecutor>
-// INVARIANT: command output is inherited from the parent process
-// COMPLEXITY: O(command)
-export const runDockerComposeUp = (
-  cwd: string,
-  options: {
-    readonly buildMode?: DockerComposeUpBuildMode
-  } = {}
-): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
-  retryDockerComposeUp(
-    cwd,
-    runCompose(cwd, dockerComposeUpArgs(options.buildMode ?? "build"), [Number(ExitCode(0))])
-  )
-
-export const dockerComposeUpRecreateArgs: ReadonlyArray<string> = [
-  "up",
-  "-d",
-  "--build",
-  "--force-recreate"
-]
-
-// CHANGE: recreate running containers and refresh images when needed
-// WHY: apply env/template updates while preserving workspace volumes
-// QUOTE(ТЗ): "сбросит только окружение"
-// REF: user-request-2026-02-11-force-env
-// SOURCE: n/a
-// FORMAT THEOREM: ∀dir: up_force_recreate(dir) → recreated(containers(dir)) ∧ preserved(volumes(dir)) ∧ updated(images(dir))
-// PURITY: SHELL
-// EFFECT: Effect<void, DockerCommandError | PlatformError, CommandExecutor>
-// INVARIANT: may rebuild images but does not remove volumes
-// COMPLEXITY: O(command)
-export const runDockerComposeUpRecreate = (
-  cwd: string
-): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
-  retryDockerComposeUp(
-    cwd,
-    runCompose(cwd, dockerComposeUpRecreateArgs, [Number(ExitCode(0))])
-  )
-
-// CHANGE: run docker compose down in the target directory
-// WHY: allow stopping managed containers from the CLI/menu
-// QUOTE(ТЗ): "Могу удалить / Отключить"
-// REF: user-request-2026-01-07
-// SOURCE: n/a
-// FORMAT THEOREM: forall dir: exitCode(cmd(dir)) = 0 -> containers_stopped(dir)
-// PURITY: SHELL
-// EFFECT: Effect<void, DockerCommandError | PlatformError, CommandExecutor>
-// INVARIANT: command output is inherited from the parent process
-// COMPLEXITY: O(command)
-export const runDockerComposeDown = (
-  cwd: string
-): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
-  runCompose(cwd, ["down"], [Number(ExitCode(0))])
-
-// CHANGE: run docker compose down -v in the target directory
-// WHY: allow a truly fresh environment by wiping the named volumes (e.g. /home/dev)
-// QUOTE(ТЗ): "контейнер полностью должен же очищаться при --force"
-// REF: user-request-2026-02-07-force-wipe-volumes
-// SOURCE: n/a
-// FORMAT THEOREM: ∀dir: down_v(dir) → removed(volumes(dir))
-// PURITY: SHELL
-// EFFECT: Effect<void, DockerCommandError | PlatformError, CommandExecutor>
-// INVARIANT: removes only resources within the compose project (containers, networks, volumes)
-// COMPLEXITY: O(command)
-export const runDockerComposeDownVolumes = (
-  cwd: string
-): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
-  runCompose(cwd, ["down", "-v", "--remove-orphans"], [Number(ExitCode(0))])
-
-// CHANGE: recreate docker compose environment in the target directory
-// WHY: allow a clean rebuild of the container from the UI
-// QUOTE(ТЗ): "дропнул контейнер и заново его создал"
-// REF: user-request-2026-01-13
-// SOURCE: n/a
-// FORMAT THEOREM: forall dir: down(dir) && up(dir) -> recreated(dir)
-// PURITY: SHELL
-// EFFECT: Effect<void, DockerCommandError | PlatformError, CommandExecutor>
-// INVARIANT: down completes before up starts
-// COMPLEXITY: O(command)
-export const runDockerComposeRecreate = (
-  cwd: string
-): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
-  pipe(
-    runDockerComposeDown(cwd),
-    Effect.zipRight(runDockerComposeUp(cwd))
-  )
-
-// CHANGE: run docker compose ps in the target directory
-// WHY: expose runtime status in the interactive menu
-// QUOTE(ТЗ): "вижу всю инфу по ним"
-// REF: user-request-2026-01-07
-// SOURCE: n/a
-// FORMAT THEOREM: forall dir: exitCode(cmd(dir)) = 0 -> status_listed(dir)
-// PURITY: SHELL
-// EFFECT: Effect<void, DockerCommandError | PlatformError, CommandExecutor>
-// INVARIANT: command output is inherited from the parent process
-// COMPLEXITY: O(command)
-export const runDockerComposePs = (
-  cwd: string
-): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
-  runCompose(cwd, ["ps"], [Number(ExitCode(0))])
-
-// CHANGE: capture docker compose ps output in a parseable format
-// WHY: allow structured, readable status output for CLI
-// QUOTE(ТЗ): "информация отображалиась удобно"
-// REF: user-request-2026-01-28
-// SOURCE: n/a
-// FORMAT THEOREM: forall dir: ps_fmt(dir) -> tabbed_string
-// PURITY: SHELL
-// EFFECT: Effect<string, DockerCommandError | PlatformError, CommandExecutor>
-// INVARIANT: output is tab-delimited columns from docker compose ps
-// COMPLEXITY: O(command)
-export const runDockerComposePsFormatted = (
-  cwd: string
-): Effect.Effect<string, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
-  runComposeCapture(
-    cwd,
-    ["ps", "--format", "{{.Name}}\t{{.Status}}\t{{.Ports}}\t{{.Image}}"],
-    [Number(ExitCode(0))]
-  )
-
-// CHANGE: run docker compose logs in the target directory
-// WHY: allow quick inspection of container output without leaving the menu
-// QUOTE(ТЗ): "вижу всю инфу по ним"
-// REF: user-request-2026-01-07
-// SOURCE: n/a
-// FORMAT THEOREM: forall dir: exitCode(cmd(dir)) in {0,130} -> logs_shown(dir)
-// PURITY: SHELL
-// EFFECT: Effect<void, DockerCommandError | PlatformError, CommandExecutor>
-// INVARIANT: command output is inherited from the parent process
-// COMPLEXITY: O(command)
-export const runDockerComposeLogs = (
-  cwd: string
-): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
-  runCompose(cwd, ["logs", "--tail", "200"], [Number(ExitCode(0)), 130])
-
-// CHANGE: stream docker compose logs until interrupted
-// WHY: allow synchronous clone flow to surface container output
-// QUOTE(ТЗ): "должно работать синхронно отображая весь процесс"
-// REF: user-request-2026-01-28
-// SOURCE: n/a
-// FORMAT THEOREM: forall dir: logs_follow(dir) -> stdout(stream)
-// PURITY: SHELL
-// EFFECT: Effect<void, DockerCommandError | PlatformError, CommandExecutor>
-// INVARIANT: command output is inherited from the parent process
-// COMPLEXITY: O(command)
-export const runDockerComposeLogsFollow = (
-  cwd: string
-): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
-  runCompose(cwd, ["logs", "--follow", "--tail", "0"], [Number(ExitCode(0)), 130])
-
-// CHANGE: run docker exec and return its exit code
-// WHY: allow polling for clone completion markers inside the container
-// QUOTE(ТЗ): "весь процесс от и до"
-// REF: user-request-2026-01-28
-// SOURCE: n/a
-// FORMAT THEOREM: forall cmd: exitCode(docker exec cmd) = n -> deterministic(n)
-// PURITY: SHELL
-// EFFECT: Effect<number, PlatformError, CommandExecutor>
-// INVARIANT: stdout/stderr are suppressed for polling commands
-// COMPLEXITY: O(command)
-export const runDockerExecExitCode = (
-  cwd: string,
-  containerName: string,
-  args: ReadonlyArray<string>
-): Effect.Effect<number, PlatformError, CommandExecutor.CommandExecutor> =>
-  Effect.gen(function*(_) {
-    const command = pipe(
-      Command.make("docker", "exec", containerName, ...args),
-      Command.workingDirectory(cwd),
-      Command.stdout("pipe"),
-      Command.stderr("pipe")
-    )
-    const exitCode = yield* _(Command.exitCode(command))
-    return Number(exitCode)
-  })
-
-// CHANGE: inspect container IP address
-// WHY: enable per-container DNS mapping on the host
-// QUOTE(ТЗ): "У каждого контейнера свой IP т.е свой домен"
-// REF: user-request-2026-01-30-dns
-// SOURCE: n/a
-// FORMAT THEOREM: forall c: inspect(c) -> ip(c)
-// PURITY: SHELL
-// EFFECT: Effect<string, DockerCommandError | PlatformError, CommandExecutor>
-// INVARIANT: returns empty string when not available
-// COMPLEXITY: O(command)
-export const runDockerInspectContainerIp = (
-  cwd: string,
-  containerName: string
-): Effect.Effect<string, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
-  pipe(
-    runCommandCapture(
-      {
-        cwd,
-        command: "docker",
-        args: [
-          "inspect",
-          "-f",
-          // Prefer the built-in `bridge` network IP when present so the printed IP
-          // works from "external" containers that default to `bridge`.
-          // Example output:
-          //   bridge=172.17.0.4
-          //   <project>_dg-<repo>-net=192.168.64.3
-          String.raw`{{range $k,$v := .NetworkSettings.Networks}}{{printf "%s=%s\n" $k $v.IPAddress}}{{end}}`,
-          containerName
-        ]
-      },
-      [Number(ExitCode(0))],
-      (exitCode) => new DockerCommandError({ exitCode })
-    ),
-    Effect.map((output) => {
-      const lines = output
-        .trim()
-        .split(/\r?\n/)
-        .map((line) => line.trim())
-        .filter((line) => line.length > 0)
-
-      const entries = lines.flatMap((line) => parseInspectNetworkEntry(line))
-
-      if (entries.length === 0) {
-        return ""
-      }
-
-      const map = new Map(entries)
-      return map.get("bridge") ?? entries[0]![1]
-    })
-  )
-
-// CHANGE: inspect the container IP address on the default `bridge` network
-// WHY: allow callers to decide whether `docker network connect bridge` is needed
-// QUOTE(ТЗ): "подключиться с внешнего контейнера"
-// REF: user-request-2026-02-10-bridge-ip
-// SOURCE: n/a
-// FORMAT THEOREM: ∀c: bridge(c) → ip_bridge(c) ≠ ""
-// PURITY: SHELL
-// EFFECT: Effect<string, DockerCommandError | PlatformError, CommandExecutor>
-// INVARIANT: returns "" when the container is not connected to `bridge`
-// COMPLEXITY: O(command)
-export const runDockerInspectContainerBridgeIp = (
-  cwd: string,
-  containerName: string
-): Effect.Effect<string, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
-  pipe(
-    runCommandCapture(
-      {
-        cwd,
-        command: "docker",
-        args: [
-          "inspect",
-          "-f",
-          "{{with (index .NetworkSettings.Networks \"bridge\")}}{{.IPAddress}}{{end}}",
-          containerName
-        ]
-      },
-      [Number(ExitCode(0))],
-      (exitCode) => new DockerCommandError({ exitCode })
-    ),
-    Effect.map((output) => output.trim())
-  )
-
-// CHANGE: connect an existing container to the default `bridge` network
-// WHY: allow "external" containers (which default to `bridge`) to reach services by container IP
-// QUOTE(ТЗ): "Всё что запущено в докере должно быть публично наружу"
-// REF: user-request-2026-02-10-public-ports
-// SOURCE: n/a
-// FORMAT THEOREM: ∀c: up(c) → reachable(bridge_ip(c), ports(c))
-// PURITY: SHELL
-// EFFECT: Effect<void, DockerCommandError | PlatformError, CommandExecutor>
-// INVARIANT: does not fail the overall flow when already connected (handled by caller)
-// COMPLEXITY: O(command)
-export const runDockerNetworkConnectBridge = (
-  cwd: string,
-  containerName: string
-): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
-  pipe(
-    runCommandCapture(
-      {
-        cwd,
-        command: "docker",
-        args: ["network", "connect", "bridge", containerName]
-      },
-      [Number(ExitCode(0))],
-      (exitCode) => new DockerCommandError({ exitCode })
-    ),
-    Effect.asVoid
-  )
-
-// CHANGE: check whether a Docker network already exists
-// WHY: allow shared-network mode to create the network only when missing
-// QUOTE(ТЗ): "Что бы текущие проекты не ложились"
-// REF: user-request-2026-02-20-network-shared
-// SOURCE: n/a
-// FORMAT THEOREM: ∀n: exists(n) ∈ {true,false}
-// PURITY: SHELL
-// EFFECT: Effect<boolean, PlatformError, CommandExecutor>
-// INVARIANT: returns false for non-zero inspect exit codes
-// COMPLEXITY: O(command)
-export const runDockerNetworkExists = (
-  cwd: string,
-  networkName: string
-): Effect.Effect<boolean, PlatformError, CommandExecutor.CommandExecutor> =>
-  runCommandExitCode({
-    cwd,
-    command: "docker",
-    args: ["network", "inspect", networkName]
-  }).pipe(Effect.map((exitCode) => exitCode === 0))
-
-// CHANGE: create a Docker bridge network with a deterministic name
-// WHY: shared-network mode requires an external network before compose up
-// QUOTE(ТЗ): "сделай что бы я эту ошибку больше не видел"
-// REF: user-request-2026-02-20-network-shared
-// SOURCE: n/a
-// FORMAT THEOREM: ∀n: create(n)=0 -> network_exists(n)
-// PURITY: SHELL
-// EFFECT: Effect<void, DockerCommandError | PlatformError, CommandExecutor>
-// INVARIANT: network driver is always `bridge`
-// COMPLEXITY: O(command)
-export const runDockerNetworkCreateBridge = (
-  cwd: string,
-  networkName: string
-): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
-  runCommandWithExitCodes(
-    {
-      cwd,
-      command: "docker",
-      args: ["network", "create", "--driver", "bridge", networkName]
-    },
-    [Number(ExitCode(0))],
-    (exitCode) => new DockerCommandError({ exitCode })
-  )
-
-// CHANGE: create a Docker bridge network with an explicit subnet
-// WHY: allow callers to bypass default address-pool allocation when it is exhausted
-// QUOTE(ТЗ): "научилось создавать сети правильно"
-// REF: user-request-2026-02-20-network-fallback
-// SOURCE: n/a
-// FORMAT THEOREM: ∀(n,s): create(n,s)=0 -> exists(n) ∧ subnet(n)=s
-// PURITY: SHELL
-// EFFECT: Effect<void, DockerCommandError | PlatformError, CommandExecutor>
-// INVARIANT: network driver is always `bridge`
-// COMPLEXITY: O(command)
-export const runDockerNetworkCreateBridgeWithSubnet = (
-  cwd: string,
-  networkName: string,
-  subnet: string
-): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
-  runCommandWithExitCodes(
-    {
-      cwd,
-      command: "docker",
-      args: ["network", "create", "--driver", "bridge", "--subnet", subnet, networkName]
-    },
-    [Number(ExitCode(0))],
-    (exitCode) => new DockerCommandError({ exitCode })
-  )
-
-// CHANGE: inspect how many containers are attached to a network
-// WHY: network GC must remove only detached networks
-// QUOTE(ТЗ): "Только так что бы текущие проекты не ложились"
-// REF: user-request-2026-02-20-network-gc
-// SOURCE: n/a
-// FORMAT THEOREM: ∀n: count(n) = |containers(n)|
-// PURITY: SHELL
-// EFFECT: Effect<number, DockerCommandError | PlatformError, CommandExecutor>
-// INVARIANT: parse fallback is 0 when docker inspect output is empty
-// COMPLEXITY: O(command)
-export const runDockerNetworkContainerCount = (
-  cwd: string,
-  networkName: string
-): Effect.Effect<number, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
-  runCommandCapture(
-    {
-      cwd,
-      command: "docker",
-      args: ["network", "inspect", "-f", "{{len .Containers}}", networkName]
-    },
-    [Number(ExitCode(0))],
-    (exitCode) => new DockerCommandError({ exitCode })
-  ).pipe(
-    Effect.map((output) => {
-      const parsed = Number.parseInt(output.trim(), 10)
-      return Number.isNaN(parsed) ? 0 : parsed
-    })
-  )
-
-// CHANGE: remove a Docker network by name
-// WHY: network GC should reclaim detached project-scoped networks
-// QUOTE(ТЗ): "убирать мусорные сети автоматически"
-// REF: user-request-2026-02-20-network-gc
-// SOURCE: n/a
-// FORMAT THEOREM: ∀n: rm(n)=0 -> !exists(n)
-// PURITY: SHELL
-// EFFECT: Effect<void, DockerCommandError | PlatformError, CommandExecutor>
-// INVARIANT: removes exactly the named network
-// COMPLEXITY: O(command)
-export const runDockerNetworkRemove = (
-  cwd: string,
-  networkName: string
-): Effect.Effect<void, DockerCommandError | PlatformError, CommandExecutor.CommandExecutor> =>
-  runCommandWithExitCodes(
-    {
-      cwd,
-      command: "docker",
-      args: ["network", "rm", networkName]
-    },
-    [Number(ExitCode(0))],
-    (exitCode) => new DockerCommandError({ exitCode })
-  )
-
-// CHANGE: list names of running Docker containers
-// WHY: support TUI filtering (e.g. stop only running docker-git containers)
-// QUOTE(ТЗ): "Если я выбираю остановку контейнера значит он мне должен показывать контейнеры которые запущены"
-// REF: user-request-2026-02-07-stop-only-running
-// SOURCE: n/a
-// FORMAT THEOREM: forall c: c in ps -> running(c)
-// PURITY: SHELL
-// EFFECT: Effect<ReadonlyArray<string>, CommandFailedError | PlatformError, CommandExecutor>
-// INVARIANT: result contains only non-empty container names
-// COMPLEXITY: O(command)
-export const runDockerPsNames = (
-  cwd: string
-): Effect.Effect<ReadonlyArray<string>, CommandFailedError | PlatformError, CommandExecutor.CommandExecutor> =>
-  pipe(
-    runCommandCapture(
-      {
-        cwd,
-        command: "docker",
-        args: ["ps", "--format", "{{.Names}}"]
-      },
-      [Number(ExitCode(0))],
-      (exitCode) => new CommandFailedError({ command: "docker ps", exitCode })
-    ),
-    Effect.map((output) =>
-      output
-        .split(/\r?\n/)
-        .map((line) => line.trim())
-        .filter((line) => line.length > 0)
-    )
-  )
+export * from "./docker-runtime.js"
diff --git a/packages/lib/src/usecases/projects-up.ts b/packages/lib/src/usecases/projects-up.ts
index 294e6c5f..c9938eeb 100644
--- a/packages/lib/src/usecases/projects-up.ts
+++ b/packages/lib/src/usecases/projects-up.ts
@@ -182,8 +182,7 @@ const runProjectComposeUp = (
         `docker compose up -d failed in ${projectDir}; falling back to docker compose up -d --build.`
       ).pipe(
         Effect.zipRight(runDockerComposeUp(projectDir))
-      )
-    )
+      ))
   )
 }
 
@@ -261,11 +260,9 @@ export const runDockerComposeUpWithPortCheck = (
     yield* _(ensureComposeNetworkReady(projectDir, resolvedTemplate))
     yield* _(ensureSharedCodexVolumeReady(projectDir, resolvedTemplate))
     yield* _(runProjectComposeUp(projectDir, options.buildMode ?? "build"))
-    if (options.waitForPostStart === false) {
-      yield* _(startProjectPostStartSelfHealInBackground(projectDir, resolvedTemplate))
-    } else {
-      yield* _(runProjectPostStartSelfHeal(projectDir, resolvedTemplate))
-    }
+    yield* (options.waitForPostStart === false
+      ? _(startProjectPostStartSelfHealInBackground(projectDir, resolvedTemplate))
+      : _(runProjectPostStartSelfHeal(projectDir, resolvedTemplate)))
 
     return resolvedTemplate
   })
diff --git a/packages/lib/tests/core/templates.test.ts b/packages/lib/tests/core/templates.test.ts
index b3808352..72cf4348 100644
--- a/packages/lib/tests/core/templates.test.ts
+++ b/packages/lib/tests/core/templates.test.ts
@@ -207,6 +207,7 @@ describe("renderEntrypoint auth bridge", () => {
       "su - dev -s /bin/bash -c \"bash -lc",
       ". /etc/profile 2>/dev/null || true;",
       String.raw`. \"$AGENT_ENV_FILE\" 2>/dev/null || true;`,
+      "[[ -f /etc/profile.d/docker-host.sh ]] && cat /etc/profile.d/docker-host.sh",
       "AGENT_PROMPT_FILE=\"/run/docker-git/agent-prompt.txt\"",
       "MCP_PLAYWRIGHT_ISOLATED=1 claude --dangerously-skip-permissions -p",
       "CLAUDE_GLOBAL_PROMPT_FILE=\"/home/dev/.claude/CLAUDE.md\"",
@@ -251,11 +252,25 @@ describe("renderDockerCompose", () => {
     expect(compose).toContain("name: dg-test")
     expect(compose).toContain("container_name: dg-test")
     expect(compose).toContain("    env_file:\n      - /workspace/.orch/env/global.env\n      - /workspace/.orch/env/project.env\n")
+    expect(compose).toContain('DOCKER_GIT_PROJECT_DOCKER_HOST: "${DOCKER_GIT_PROJECT_DOCKER_HOST:-}"')
+    expect(compose).toContain('- "${DOCKER_GIT_PROJECT_SSH_BIND_HOST:-127.0.0.1}:2222:22"')
+    expect(compose).toContain('    extra_hosts:\n      - "host.docker.internal:host-gateway"')
     expect(compose).toContain("    dns:\n      - 8.8.8.8\n      - 8.8.4.4\n      - 1.1.1.1\n    networks:")
     expect(compose).not.toContain("dg-test-browser")
+    expect(compose).not.toContain("/var/run/docker.sock:/var/run/docker.sock")
     expect((compose.match(/\n    dns:\n/g) ?? []).length).toBe(1)
   })
 
+  it("persists explicit Docker host into login and SSH environments before socket fallback", () => {
+    const entrypoint = renderEntrypoint(makeTemplateConfig())
+
+    expect(entrypoint).toContain('if [[ -n "${DOCKER_GIT_PROJECT_DOCKER_HOST:-}" && -z "${DOCKER_HOST:-}" ]]; then')
+    expect(entrypoint).toContain('printf "export DOCKER_HOST=%q\\n" "$DOCKER_HOST" > /etc/profile.d/docker-host.sh')
+    expect(entrypoint).toContain('docker_git_upsert_ssh_env "DOCKER_HOST" "$DOCKER_HOST"')
+    expect(entrypoint).toContain('elif [[ -S /var/run/docker.sock ]]; then')
+    expect(entrypoint).toContain('docker_git_upsert_ssh_env "DOCKER_HOST" "unix:///var/run/docker.sock"')
+  })
+
   it("renders fallback DNS servers for the browser sidecar when Playwright is enabled", () => {
     const compose = renderDockerCompose(
       makeTemplateConfig({
diff --git a/packages/lib/tests/shell/docker-access.test.ts b/packages/lib/tests/shell/docker-access.test.ts
index b6649701..092dc38f 100644
--- a/packages/lib/tests/shell/docker-access.test.ts
+++ b/packages/lib/tests/shell/docker-access.test.ts
@@ -99,4 +99,37 @@ describe("classifyDockerAccessIssue", () => {
       expect(error.details).toContain("Fallback DOCKER_HOST=unix:///run/user/")
     })
   )
+
+  it.effect("does not probe rootless fallbacks when DOCKER_HOST is explicit", () =>
+    Effect.gen(function*(_) {
+      const executor = makeDockerInfoExecutor()
+      const previousDockerHost = process.env["DOCKER_HOST"]
+      const restoreEnv = Effect.sync(() => {
+        if (previousDockerHost === undefined) {
+          delete process.env["DOCKER_HOST"]
+        } else {
+          process.env["DOCKER_HOST"] = previousDockerHost
+        }
+      })
+
+      yield* _(Effect.sync(() => {
+        process.env["DOCKER_HOST"] = "unix:///explicit-docker.sock"
+      }))
+
+      const error = yield* _(
+        Effect.ensuring(
+          Effect.scoped(
+            ensureDockerDaemonAccess("/tmp").pipe(
+              Effect.provideService(CommandExecutor.CommandExecutor, executor),
+              Effect.flip
+            )
+          ),
+          restoreEnv
+        )
+      )
+
+      expect(error.issue).toBe("PermissionDenied")
+      expect(error.details).not.toContain("Fallback DOCKER_HOST=")
+    })
+  )
 })
diff --git a/packages/lib/tests/usecases/state-repo-auto-pull.test.ts b/packages/lib/tests/usecases/state-repo-auto-pull.test.ts
index ac5f8515..33b81bb2 100644
--- a/packages/lib/tests/usecases/state-repo-auto-pull.test.ts
+++ b/packages/lib/tests/usecases/state-repo-auto-pull.test.ts
@@ -21,7 +21,10 @@ import { autoPullState } from "../../src/usecases/state-repo.js"
 // Helpers (same pattern as state-repo-init.test.ts)
 // ---------------------------------------------------------------------------
 
-const seedEnv: Record<string, string> = { GIT_CONFIG_NOSYSTEM: "1" }
+const seedEnv: Record<string, string> = {
+  DOCKER_GIT_SKIP_POST_PUSH_ACTION: "1",
+  GIT_CONFIG_NOSYSTEM: "1"
+}
 
 const collectUint8Array = (chunks: Chunk.Chunk<Uint8Array>): Uint8Array =>
   Chunk.reduce(chunks, new Uint8Array(), (acc, curr) => {
diff --git a/packages/lib/tests/usecases/state-repo-init.test.ts b/packages/lib/tests/usecases/state-repo-init.test.ts
index 9f85713a..edde5d13 100644
--- a/packages/lib/tests/usecases/state-repo-init.test.ts
+++ b/packages/lib/tests/usecases/state-repo-init.test.ts
@@ -24,7 +24,10 @@ import { stateInit } from "../../src/usecases/state-repo.js"
 // GIT_CONFIG_NOSYSTEM=1 bypasses system-level git hooks (e.g. the docker-git
 // pre-push hook that blocks pushes to `main`).  Only used in test seeding, not
 // in the code-under-test.
-const seedEnv: Record<string, string> = { GIT_CONFIG_NOSYSTEM: "1" }
+const seedEnv: Record<string, string> = {
+  DOCKER_GIT_SKIP_POST_PUSH_ACTION: "1",
+  GIT_CONFIG_NOSYSTEM: "1"
+}
 
 const collectUint8Array = (chunks: Chunk.Chunk<Uint8Array>): Uint8Array =>
   Chunk.reduce(chunks, new Uint8Array(), (acc, curr) => {
diff --git a/scripts/e2e/_lib.sh b/scripts/e2e/_lib.sh
index a2862be7..9b8dcf22 100644
--- a/scripts/e2e/_lib.sh
+++ b/scripts/e2e/_lib.sh
@@ -18,7 +18,31 @@ dg_install_docker_wrapper() {
   cat > "$bin_dir/docker" <<'EOF'
 #!/usr/bin/env bash
 set -euo pipefail
-exec sudo -n docker "$@"
+exec sudo -n env \
+  "COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-}" \
+  "DOCKER_GIT_API_BIND_HOST=${DOCKER_GIT_API_BIND_HOST:-}" \
+  "DOCKER_GIT_API_CONTAINER_NAME=${DOCKER_GIT_API_CONTAINER_NAME:-}" \
+  "DOCKER_GIT_API_PORT=${DOCKER_GIT_API_PORT:-}" \
+  "DOCKER_GIT_CONTROLLER_DOCKER_HOST=${DOCKER_GIT_CONTROLLER_DOCKER_HOST:-}" \
+  "DOCKER_GIT_CONTROLLER_REV=${DOCKER_GIT_CONTROLLER_REV:-}" \
+  "DOCKER_GIT_DOCKERD_DEFAULT_CGROUPNS_MODE=${DOCKER_GIT_DOCKERD_DEFAULT_CGROUPNS_MODE:-}" \
+  "DOCKER_GIT_DOCKERD_TCP_HOST=${DOCKER_GIT_DOCKERD_TCP_HOST:-}" \
+  "DOCKER_GIT_DOCKER_DATA_VOLUME=${DOCKER_GIT_DOCKER_DATA_VOLUME:-}" \
+  "DOCKER_GIT_DOCKER_RUNTIME=${DOCKER_GIT_DOCKER_RUNTIME:-}" \
+  "DOCKER_GIT_EXCHANGE_AGENT_COMMAND=${DOCKER_GIT_EXCHANGE_AGENT_COMMAND:-}" \
+  "DOCKER_GIT_EXCHANGE_AGENT_PROVIDER=${DOCKER_GIT_EXCHANGE_AGENT_PROVIDER:-}" \
+  "DOCKER_GIT_EXCHANGE_AGENT_TIMEOUT_MS=${DOCKER_GIT_EXCHANGE_AGENT_TIMEOUT_MS:-}" \
+  "DOCKER_GIT_EXCHANGE_PROJECT_REPO_URL=${DOCKER_GIT_EXCHANGE_PROJECT_REPO_URL:-}" \
+  "DOCKER_GIT_EXCHANGE_TARGETS=${DOCKER_GIT_EXCHANGE_TARGETS:-}" \
+  "DOCKER_GIT_FEDERATION_ACTOR=${DOCKER_GIT_FEDERATION_ACTOR:-}" \
+  "DOCKER_GIT_FEDERATION_PUBLIC_ORIGIN=${DOCKER_GIT_FEDERATION_PUBLIC_ORIGIN:-}" \
+  "DOCKER_GIT_OUTBOX_POLLING_INTERVAL_MS=${DOCKER_GIT_OUTBOX_POLLING_INTERVAL_MS:-}" \
+  "DOCKER_GIT_PROJECTS_ROOT=${DOCKER_GIT_PROJECTS_ROOT:-}" \
+  "DOCKER_GIT_PROJECTS_ROOT_VOLUME=${DOCKER_GIT_PROJECTS_ROOT_VOLUME:-}" \
+  "DOCKER_GIT_PROJECT_DOCKER_HOST=${DOCKER_GIT_PROJECT_DOCKER_HOST:-}" \
+  "DOCKER_GIT_PROJECT_SSH_BIND_HOST=${DOCKER_GIT_PROJECT_SSH_BIND_HOST:-}" \
+  "UBUNTU_APT_MIRROR=${UBUNTU_APT_MIRROR:-}" \
+  docker "$@"
 EOF
   chmod +x "$bin_dir/docker"
 }
@@ -110,6 +134,232 @@ dg_ensure_node_gyp() {
   export PATH="$node_gyp_bin:$PATH"
 }
 
+dg_controller_container_name() {
+  printf '%s\n' "${DOCKER_GIT_API_CONTAINER_NAME:-docker-git-api}"
+}
+
+dg_has_project_docker_access() {
+  local controller
+  controller="$(dg_controller_container_name)"
+
+  docker ps --format '{{.Names}}' 2>/dev/null | grep -qx "$controller" \
+    && docker exec "$controller" docker info >/dev/null 2>&1
+}
+
+dg_docker_args_request_tty() {
+  local skip_next=0
+  local arg
+
+  for arg in "$@"; do
+    if [[ "$arg" == "exec" ]]; then
+      continue
+    fi
+
+    if [[ "$skip_next" == "1" ]]; then
+      skip_next=0
+      continue
+    fi
+
+    case "$arg" in
+      --)
+        return 1
+        ;;
+      --tty)
+        return 0
+        ;;
+      --user|--workdir|--env|--env-file|--detach-keys)
+        skip_next=1
+        ;;
+      --user=*|--workdir=*|--env=*|--env-file=*|--detach-keys=*)
+        ;;
+      -u|-w|-e)
+        skip_next=1
+        ;;
+      -*t*)
+        return 0
+        ;;
+      -*)
+        ;;
+      *)
+        return 1
+        ;;
+    esac
+  done
+
+  return 1
+}
+
+# Run Docker commands against the daemon that owns docker-git project
+# containers. In isolated-controller mode this is the daemon inside
+# docker-git-api; in legacy/local mode it falls back to the host daemon.
+dg_project_docker() {
+  local controller
+  controller="$(dg_controller_container_name)"
+
+  if dg_has_project_docker_access; then
+    if [[ "${1:-}" == "exec" ]]; then
+      local exec_flags=(-i)
+      if [[ -t 0 && -t 1 ]] && dg_docker_args_request_tty "$@"; then
+        exec_flags=(-it)
+      fi
+      docker exec "${exec_flags[@]}" "$controller" docker "$@"
+      return
+    fi
+
+    docker exec "$controller" docker "$@"
+    return
+  fi
+
+  docker "$@"
+}
+
+dg_project_compose() {
+  local project_dir="$1"
+  shift
+
+  local controller
+  controller="$(dg_controller_container_name)"
+
+  if dg_has_project_docker_access; then
+    docker exec "$controller" bash -lc 'cd "$1" && shift && exec docker compose "$@"' \
+      bash "$project_dir" "$@"
+    return
+  fi
+
+  (cd "$project_dir" && docker compose "$@")
+}
+
+dg_project_container_ip() {
+  local container="$1"
+
+  dg_project_docker inspect \
+    --format '{{range .NetworkSettings.Networks}}{{println .IPAddress}}{{end}}' \
+    "$container" 2>/dev/null \
+    | sed '/^$/d' \
+    | head -n 1
+}
+
+dg_rewrite_ssh_args_for_project_container() {
+  local container_ip="$1"
+  local controller_key_path="$2"
+  shift 2
+
+  local replace_identity=0
+  local replace_port=0
+  local arg
+  for arg in "$@"; do
+    if [[ "$replace_identity" == "1" ]]; then
+      printf '%s\0' "$controller_key_path"
+      replace_identity=0
+      continue
+    fi
+
+    if [[ "$replace_port" == "1" ]]; then
+      printf '%s\0' "22"
+      replace_port=0
+      continue
+    fi
+
+    case "$arg" in
+      -i)
+        printf '%s\0' "-i"
+        replace_identity=1
+        ;;
+      -p)
+        printf '%s\0' "-p"
+        replace_port=1
+        ;;
+      *@127.0.0.1|*@localhost)
+        printf '%s\0' "${arg%@*}@$container_ip"
+        ;;
+      *)
+        printf '%s\0' "$arg"
+        ;;
+    esac
+  done
+}
+
+dg_find_ssh_identity_arg() {
+  local previous=""
+  local arg
+
+  for arg in "$@"; do
+    if [[ "$previous" == "-i" ]]; then
+      printf '%s\n' "$arg"
+      return 0
+    fi
+    previous="$arg"
+  done
+
+  return 1
+}
+
+dg_project_ssh_to_container() {
+  local container="$1"
+  local local_ssh_command="$2"
+  shift 2
+
+  if ! dg_has_project_docker_access; then
+    "$local_ssh_command" "$@"
+    return
+  fi
+
+  local controller
+  controller="$(dg_controller_container_name)"
+
+  local container_ip
+  container_ip="$(dg_project_container_ip "$container")"
+  if [[ -z "$container_ip" ]]; then
+    return 255
+  fi
+
+  local identity_arg=""
+  identity_arg="$(dg_find_ssh_identity_arg "$@" || true)"
+  local controller_key_path="/tmp/docker-git-e2e-ssh-key-$$-$RANDOM"
+  if [[ -n "$identity_arg" ]]; then
+    docker exec -i "$controller" bash -lc 'umask 077; cat > "$1"' bash "$controller_key_path" \
+      < "$identity_arg"
+  fi
+
+  local rewritten=()
+  while IFS= read -r -d '' arg; do
+    rewritten+=("$arg")
+  done < <(dg_rewrite_ssh_args_for_project_container "$container_ip" "$controller_key_path" "$@")
+
+  local exec_flags=(-i)
+  if [[ -t 0 && -t 1 ]]; then
+    exec_flags=(-it)
+  fi
+
+  local ssh_exit=0
+  local controller_key_arg=""
+  if [[ -n "$identity_arg" ]]; then
+    controller_key_arg="$controller_key_path"
+  fi
+
+  if docker exec "${exec_flags[@]}" "$controller" bash -lc '
+    key_path="$1"
+    shift
+    cleanup() {
+      if [[ -n "$key_path" ]]; then
+        rm -f "$key_path" >/dev/null 2>&1 || true
+      fi
+    }
+    trap cleanup EXIT HUP INT TERM
+    ssh "$@"
+  ' bash "$controller_key_arg" "${rewritten[@]}"; then
+    ssh_exit=0
+  else
+    ssh_exit=$?
+  fi
+
+  if [[ -n "$identity_arg" ]]; then
+    docker exec "$controller" rm -f "$controller_key_path" >/dev/null 2>&1 || true
+  fi
+
+  return "$ssh_exit"
+}
+
 dg_prepare_bun_workspace() {
   local repo_root="$1"
   local bin_dir="$2"
diff --git a/scripts/e2e/clone-auto-open-ssh.sh b/scripts/e2e/clone-auto-open-ssh.sh
index d62dd00e..dd2a611c 100755
--- a/scripts/e2e/clone-auto-open-ssh.sh
+++ b/scripts/e2e/clone-auto-open-ssh.sh
@@ -56,9 +56,9 @@ on_error() {
   FAILURE_DUMPED=1
   echo "e2e/clone-auto-open-ssh: failed at line $line" >&2
   docker ps -a --format 'table {{.Names}}\t{{.Status}}\t{{.Ports}}' | head -n 80 || true
-  if docker ps -a --format '{{.Names}}' | grep -qx "$CONTAINER_NAME" 2>/dev/null; then
-    docker inspect "$CONTAINER_NAME" || true
-    docker logs "$CONTAINER_NAME" --tail 200 || true
+  if dg_project_docker ps -a --format '{{.Names}}' | grep -qx "$CONTAINER_NAME" 2>/dev/null; then
+    dg_project_docker inspect "$CONTAINER_NAME" || true
+    dg_project_docker logs "$CONTAINER_NAME" --tail 200 || true
   fi
   if [[ -f "$CLONE_LOG" ]]; then
     echo "--- clone log ---" >&2
@@ -72,9 +72,9 @@ on_error() {
     echo "--- ssh session log ---" >&2
     cat "$SSH_SESSION_LOG" >&2 || true
   fi
-  if [[ -d "$OUT_DIR" ]] && [[ -f "$OUT_DIR/docker-compose.yml" ]]; then
-    (cd "$OUT_DIR" && docker compose ps) || true
-    (cd "$OUT_DIR" && docker compose logs --no-color --tail 200) || true
+  if [[ -d "$OUT_DIR" ]]; then
+    dg_project_compose "$OUT_DIR" ps || true
+    dg_project_compose "$OUT_DIR" logs --no-color --tail 200 || true
   fi
 }
 
@@ -85,11 +85,11 @@ cleanup() {
     echo "e2e/clone-auto-open-ssh: out dir: $OUT_DIR" >&2
     return
   fi
-  if [[ -d "$OUT_DIR" ]] && [[ -f "$OUT_DIR/docker-compose.yml" ]]; then
-    (cd "$OUT_DIR" && docker compose down -v --remove-orphans) >/dev/null 2>&1 || true
+  if [[ -d "$OUT_DIR" ]]; then
+    dg_project_compose "$OUT_DIR" down -v --remove-orphans >/dev/null 2>&1 || true
   fi
-  docker rm -f "$CONTAINER_NAME" >/dev/null 2>&1 || true
-  docker volume rm \
+  dg_project_docker rm -f "$CONTAINER_NAME" >/dev/null 2>&1 || true
+  dg_project_docker volume rm \
     "$VOLUME_NAME" \
     "${VOLUME_NAME}-bootstrap" \
     "${SERVICE_NAME}_${VOLUME_NAME}" \
@@ -151,11 +151,8 @@ container_ip() {
     return 1
   fi
 
-  docker inspect \
-    --format '{{range .NetworkSettings.Networks}}{{println .IPAddress}}{{end}}' \
-    "$DOCKER_GIT_E2E_CONTAINER_NAME" 2>/dev/null \
-    | sed '/^$/d' \
-    | head -n 1
+  source "$REPO_ROOT/scripts/e2e/_lib.sh"
+  dg_project_container_ip "$DOCKER_GIT_E2E_CONTAINER_NAME"
 }
 
 run_ssh_via_container_ip() {
@@ -190,7 +187,10 @@ run_ssh_via_container_ip() {
   done
 
   printf "fallback-target: <%s>\n" "$ip" >> "$DOCKER_GIT_E2E_SSH_INVOCATION_LOG"
-  run_ssh "${rewritten[@]}"
+  source "$REPO_ROOT/scripts/e2e/_lib.sh"
+  dg_project_ssh_to_container "$DOCKER_GIT_E2E_CONTAINER_NAME" "$DOCKER_GIT_E2E_REAL_SSH" \
+    "${rewritten[@]}" "$REMOTE_COMMAND" \
+    >> "$DOCKER_GIT_E2E_SSH_SESSION_LOG" 2>&1
 }
 
 set +e
@@ -262,7 +262,7 @@ grep -Eq -- '<dev@(127[.]0[.]0[.]1|localhost)>' "$SSH_INVOCATION_LOG" \
   || fail "expected ssh target to be dev@127.0.0.1 or dev@localhost"
 grep -Fq -- "exit: 0" "$SSH_INVOCATION_LOG" || fail "expected ssh command to succeed"
 
-docker exec -u dev "$CONTAINER_NAME" bash -lc "test -d '$TARGET_DIR/.git'" \
+dg_project_docker exec -u dev "$CONTAINER_NAME" bash -lc "test -d '$TARGET_DIR/.git'" \
   || fail "expected cloned repo at: $TARGET_DIR"
 
 grep -Fq -- "Контекст workspace: issue #1 (https://github.com/octocat/Hello-World/issues/1)" "$SSH_SESSION_LOG" \
diff --git a/scripts/e2e/clone-cache.sh b/scripts/e2e/clone-cache.sh
index 873e7402..763e5511 100755
--- a/scripts/e2e/clone-cache.sh
+++ b/scripts/e2e/clone-cache.sh
@@ -43,8 +43,8 @@ fail() {
 }
 
 reset_shared_clone_cache_volume() {
-  docker volume create docker-git-shared-cache >/dev/null
-  docker run --rm \
+  dg_project_docker volume create docker-git-shared-cache >/dev/null
+  dg_project_docker run --rm \
     -v docker-git-shared-cache:/target \
     alpine:3.20 \
     sh -euc 'mkdir -p /target && find /target -mindepth 1 -maxdepth 1 -exec rm -rf -- {} +'
@@ -59,21 +59,21 @@ on_error() {
   echo "e2e/clone-cache: failed at line $line" >&2
   docker ps -a --format 'table {{.Names}}\t{{.Status}}\t{{.Ports}}' | head -n 80 || true
   if [[ -n "$ACTIVE_CONTAINER" ]]; then
-    docker logs "$ACTIVE_CONTAINER" --tail 200 || true
+    dg_project_docker logs "$ACTIVE_CONTAINER" --tail 200 || true
   fi
   if [[ -n "$ACTIVE_CLONE_LOG" ]] && [[ -f "$ACTIVE_CLONE_LOG" ]]; then
     echo "--- host clone log ---" >&2
     cat "$ACTIVE_CLONE_LOG" >&2 || true
   fi
-  if [[ -n "$ACTIVE_OUT_DIR" ]] && [[ -f "$ACTIVE_OUT_DIR/docker-compose.yml" ]]; then
-    (cd "$ACTIVE_OUT_DIR" && docker compose ps) || true
-    (cd "$ACTIVE_OUT_DIR" && docker compose logs --no-color --tail 200) || true
+  if [[ -n "$ACTIVE_OUT_DIR" ]]; then
+    dg_project_compose "$ACTIVE_OUT_DIR" ps || true
+    dg_project_compose "$ACTIVE_OUT_DIR" logs --no-color --tail 200 || true
   fi
 }
 
 cleanup_active_case() {
-  if [[ -n "$ACTIVE_OUT_DIR" ]] && [[ -f "$ACTIVE_OUT_DIR/docker-compose.yml" ]]; then
-    (cd "$ACTIVE_OUT_DIR" && docker compose down -v --remove-orphans) >/dev/null 2>&1 || true
+  if [[ -n "$ACTIVE_OUT_DIR" ]]; then
+    dg_project_compose "$ACTIVE_OUT_DIR" down -v --remove-orphans >/dev/null 2>&1 || true
   fi
   ACTIVE_OUT_DIR=""
   ACTIVE_CONTAINER=""
@@ -100,12 +100,12 @@ wait_for_clone_completion() {
   local attempt=1
 
   while [[ "$attempt" -le "$attempts" ]]; do
-    if docker exec "$container" test -f /run/docker-git/clone.done >/dev/null 2>&1; then
+    if dg_project_docker exec "$container" test -f /run/docker-git/clone.done >/dev/null 2>&1; then
       return 0
     fi
 
-    if docker exec "$container" test -f /run/docker-git/clone.failed >/dev/null 2>&1; then
-      docker logs "$container" >&2 || true
+    if dg_project_docker exec "$container" test -f /run/docker-git/clone.failed >/dev/null 2>&1; then
+      dg_project_docker logs "$container" >&2 || true
       fail "clone failed marker found for container: $container"
     fi
 
@@ -113,7 +113,7 @@ wait_for_clone_completion() {
     attempt="$((attempt + 1))"
   done
 
-  docker logs "$container" >&2 || true
+  dg_project_docker logs "$container" >&2 || true
   fail "clone did not complete in time for container: $container"
 }
 
@@ -166,13 +166,13 @@ EOF_ENV
   fi
 
   wait_for_clone_completion "$container_name"
-  docker logs "$container_name" > "$log_path" 2>&1 || true
+  dg_project_docker logs "$container_name" > "$log_path" 2>&1 || true
 
-  docker exec -u dev "$container_name" bash -lc "test -d '$TARGET_DIR/.git'" \
+  dg_project_docker exec -u dev "$container_name" bash -lc "test -d '$TARGET_DIR/.git'" \
     || fail "expected cloned repo at: $TARGET_DIR"
 
   local branch
-  branch="$(docker exec -u dev "$container_name" bash -lc "cd '$TARGET_DIR' && git rev-parse --abbrev-ref HEAD")"
+  branch="$(dg_project_docker exec -u dev "$container_name" bash -lc "cd '$TARGET_DIR' && git rev-parse --abbrev-ref HEAD")"
   [[ "$branch" == "issue-1" ]] || fail "expected branch issue-1, got: $branch"
 
   if [[ "$expect_cache_use" == "1" ]]; then
@@ -195,6 +195,7 @@ EOF_ENV
 mkdir -p "$ROOT/.orch/auth/codex" "$ROOT/.orch/env"
 : > "$ROOT/authorized_keys"
 
+dg_run_docker_git "$REPO_ROOT" status >/dev/null
 reset_shared_clone_cache_volume
 
 run_clone_case "first" "0"
diff --git a/scripts/e2e/login-context.sh b/scripts/e2e/login-context.sh
index 343e5d80..59ec7cd0 100755
--- a/scripts/e2e/login-context.sh
+++ b/scripts/e2e/login-context.sh
@@ -35,15 +35,15 @@ on_error() {
   local line="$1"
   echo "e2e/login-context: failed at line $line" >&2
   docker ps -a --format 'table {{.Names}}\t{{.Status}}\t{{.Ports}}' | head -n 80 || true
-  if [[ -n "$ACTIVE_OUT_DIR" ]] && [[ -f "$ACTIVE_OUT_DIR/docker-compose.yml" ]]; then
-    (cd "$ACTIVE_OUT_DIR" && docker compose ps) || true
-    (cd "$ACTIVE_OUT_DIR" && docker compose logs --no-color --tail 200) || true
+  if [[ -n "$ACTIVE_OUT_DIR" ]]; then
+    dg_project_compose "$ACTIVE_OUT_DIR" ps || true
+    dg_project_compose "$ACTIVE_OUT_DIR" logs --no-color --tail 200 || true
   fi
 }
 
 cleanup_active_case() {
-  if [[ -n "$ACTIVE_OUT_DIR" ]] && [[ -f "$ACTIVE_OUT_DIR/docker-compose.yml" ]]; then
-    (cd "$ACTIVE_OUT_DIR" && docker compose down -v --remove-orphans) >/dev/null 2>&1 || true
+  if [[ -n "$ACTIVE_OUT_DIR" ]]; then
+    dg_project_compose "$ACTIVE_OUT_DIR" down -v --remove-orphans >/dev/null 2>&1 || true
   fi
   ACTIVE_OUT_DIR=""
   ACTIVE_CONTAINER=""
@@ -85,6 +85,7 @@ run_case() {
   local volume_name="dg-e2e-login-${case_name}-${RUN_ID}-home"
   local ssh_port="$(( (RANDOM % 1000) + 21000 ))"
   local login_log="/tmp/docker-git-login-context-${RUN_ID}-${case_name}.log"
+  local probe_script="$ROOT/login-context-${case_name}-probe.sh"
 
   mkdir -p "$out_dir/.orch/env"
   chmod 0777 "$out_dir" "$out_dir/.orch" "$out_dir/.orch/env"
@@ -113,9 +114,16 @@ EOF_ENV
   )
 
   rm -f "$login_log"
+  cat > "$probe_script" <<EOF_PROBE
+#!/usr/bin/env bash
+set -euo pipefail
+source "$REPO_ROOT/scripts/e2e/_lib.sh"
+dg_project_docker exec -u dev -it "$container_name" bash -lic 'exit'
+EOF_PROBE
+  chmod +x "$probe_script"
 
   set +e
-  timeout 30s script -q -e -c "docker exec -u dev -it \"$container_name\" bash -lic 'exit'" /dev/null > "$login_log" 2>&1
+  timeout 30s script -q -e -c "$probe_script" /dev/null > "$login_log" 2>&1
   local exec_exit=$?
   set -e
 
diff --git a/scripts/e2e/opencode-autoconnect.sh b/scripts/e2e/opencode-autoconnect.sh
index 7b5741a5..2fcb067e 100755
--- a/scripts/e2e/opencode-autoconnect.sh
+++ b/scripts/e2e/opencode-autoconnect.sh
@@ -43,8 +43,8 @@ on_error() {
   local line="$1"
   echo "e2e/opencode-autoconnect: failed at line $line" >&2
   docker ps -a --format 'table {{.Names}}\t{{.Status}}\t{{.Ports}}' | head -n 50 || true
-  if docker ps -a --format '{{.Names}}' | grep -qx "$CONTAINER_NAME" 2>/dev/null; then
-    docker exec -u dev "$CONTAINER_NAME" bash -lc '
+  if dg_project_docker ps -a --format '{{.Names}}' | grep -qx "$CONTAINER_NAME" 2>/dev/null; then
+    dg_project_docker exec -u dev "$CONTAINER_NAME" bash -lc '
       echo "--- auth mounts ---"
       ls -la ~/.codex ~/.codex-shared ~/.local/share/opencode 2>/dev/null || true
       echo "--- opencode auth link ---"
@@ -56,9 +56,9 @@ on_error() {
       ls -la ~/.codex-shared/opencode/auth.json 2>/dev/null || true
     ' || true
   fi
-  if [[ -d "$OUT_DIR" ]] && [[ -f "$OUT_DIR/docker-compose.yml" ]]; then
-    (cd "$OUT_DIR" && docker compose ps) || true
-    (cd "$OUT_DIR" && docker compose logs --no-color --tail 200) || true
+  if [[ -d "$OUT_DIR" ]]; then
+    dg_project_compose "$OUT_DIR" ps || true
+    dg_project_compose "$OUT_DIR" logs --no-color --tail 200 || true
   fi
 }
 
@@ -69,10 +69,10 @@ cleanup() {
     echo "e2e/opencode-autoconnect: out dir: $OUT_DIR" >&2
     return
   fi
-  (cd "$REPO_ROOT" && docker compose down -v --remove-orphans) >/dev/null 2>&1 || true
-  if [[ -d "$OUT_DIR" ]] && [[ -f "$OUT_DIR/docker-compose.yml" ]]; then
-    (cd "$OUT_DIR" && docker compose down -v --remove-orphans) >/dev/null 2>&1 || true
+  if [[ -d "$OUT_DIR" ]]; then
+    dg_project_compose "$OUT_DIR" down -v --remove-orphans >/dev/null 2>&1 || true
   fi
+  (cd "$REPO_ROOT" && docker compose down -v --remove-orphans) >/dev/null 2>&1 || true
   rm -rf "$ROOT" >/dev/null 2>&1 || true
 }
 
@@ -160,23 +160,24 @@ while [[ "$clone_attempt" -le "$clone_attempts" ]]; do
 done
 [[ "$clone_exit" -eq 0 ]] || fail "docker-git clone failed after $clone_attempts attempts (last exit: $clone_exit)"
 
-docker exec -u dev "$CONTAINER_NAME" bash -lc "test -d '$TARGET_DIR/.git'" || fail "expected repo to be cloned at: $TARGET_DIR"
+dg_project_docker exec -u dev "$CONTAINER_NAME" bash -lc "test -d '$TARGET_DIR/.git'" \
+  || fail "expected repo to be cloned at: $TARGET_DIR"
 
 # Basic sanity checks.
-docker ps --format '{{.Names}}' | grep -qx "$CONTAINER_NAME"
+dg_project_docker ps --format '{{.Names}}' | grep -qx "$CONTAINER_NAME"
 
-docker exec "$CONTAINER_NAME" opencode --version >/dev/null
-docker exec -u dev "$CONTAINER_NAME" oh-my-opencode --version >/dev/null
+dg_project_docker exec "$CONTAINER_NAME" opencode --version >/dev/null
+dg_project_docker exec -u dev "$CONTAINER_NAME" oh-my-opencode --version >/dev/null
 
-docker exec -u dev "$CONTAINER_NAME" bash -lc \
+dg_project_docker exec -u dev "$CONTAINER_NAME" bash -lc \
   'test -f ~/.config/opencode/opencode.json && grep -q "oh-my-opencode" ~/.config/opencode/opencode.json'
 
-docker exec -u dev "$CONTAINER_NAME" bash -lc \
+dg_project_docker exec -u dev "$CONTAINER_NAME" bash -lc \
   'test "$(readlink ~/.local/share/opencode/auth.json)" = "/home/dev/.codex-shared/opencode/auth.json"'
 
-docker exec -u dev "$CONTAINER_NAME" bash -lc 'test -f ~/.codex-shared/auth.json'
+dg_project_docker exec -u dev "$CONTAINER_NAME" bash -lc 'test -f ~/.codex-shared/auth.json'
 
-docker exec -u dev "$CONTAINER_NAME" bash -lc \
+dg_project_docker exec -u dev "$CONTAINER_NAME" bash -lc \
   'bun - <<'\''BUN'\''
 import { readFileSync } from "node:fs"
 
@@ -198,5 +199,5 @@ process.exit(1)
 BUN'
 
 # Exercises Bun-based plugin install path (regression test for BUN_INSTALL env).
-docker exec -u dev "$CONTAINER_NAME" bash -lc \
+dg_project_docker exec -u dev "$CONTAINER_NAME" bash -lc \
   'output="$(timeout 300s opencode models openai)" && grep -m 1 -E "^openai/" <<< "$output" >/dev/null'
diff --git a/scripts/e2e/runtime-volumes-ssh.sh b/scripts/e2e/runtime-volumes-ssh.sh
index 9d7c983d..78f16497 100755
--- a/scripts/e2e/runtime-volumes-ssh.sh
+++ b/scripts/e2e/runtime-volumes-ssh.sh
@@ -34,9 +34,9 @@ SSH_PUB_KEY="$ROOT/dev_ssh_key.pub"
 CLONE_LOG="$ROOT/clone.log"
 SSH_LOG="$ROOT/runtime-volumes-ssh.log"
 RUN_SCRIPT="$ROOT/run-runtime-volumes-ssh-clone.sh"
+SSH_PROBE_SCRIPT="$ROOT/run-runtime-volumes-ssh-probe.sh"
 # Cold controller and project image builds can be slow on GitHub-hosted runners.
 RUNTIME_CLONE_TIMEOUT="${DOCKER_GIT_E2E_RUNTIME_CLONE_TIMEOUT:-3300s}"
-HELPER_IMAGE=""
 FAILURE_DUMPED=0
 
 fail() {
@@ -55,9 +55,9 @@ on_error() {
   FAILURE_DUMPED=1
   echo "e2e/runtime-volumes-ssh: failed at line $line" >&2
   docker ps -a --format 'table {{.Names}}\t{{.Status}}\t{{.Ports}}' | head -n 80 || true
-  if docker ps -a --format '{{.Names}}' | grep -qx "$CONTAINER_NAME" 2>/dev/null; then
-    docker inspect "$CONTAINER_NAME" || true
-    docker logs "$CONTAINER_NAME" --tail 200 || true
+  if dg_project_docker ps -a --format '{{.Names}}' | grep -qx "$CONTAINER_NAME" 2>/dev/null; then
+    dg_project_docker inspect "$CONTAINER_NAME" || true
+    dg_project_docker logs "$CONTAINER_NAME" --tail 200 || true
   fi
   if [[ -f "$CLONE_LOG" ]]; then
     echo "--- clone log ---" >&2
@@ -67,9 +67,9 @@ on_error() {
     echo "--- host ssh log ---" >&2
     cat "$SSH_LOG" >&2 || true
   fi
-  if [[ -d "$OUT_DIR" ]] && [[ -f "$OUT_DIR/docker-compose.yml" ]]; then
-    (cd "$OUT_DIR" && docker compose ps) || true
-    (cd "$OUT_DIR" && docker compose logs --no-color --tail 200) || true
+  if [[ -d "$OUT_DIR" ]]; then
+    dg_project_compose "$OUT_DIR" ps || true
+    dg_project_compose "$OUT_DIR" logs --no-color --tail 200 || true
   fi
 }
 
@@ -80,11 +80,11 @@ cleanup() {
     echo "e2e/runtime-volumes-ssh: out dir: $OUT_DIR" >&2
     return
   fi
-  if [[ -d "$OUT_DIR" ]] && [[ -f "$OUT_DIR/docker-compose.yml" ]]; then
-    (cd "$OUT_DIR" && docker compose down -v --remove-orphans) >/dev/null 2>&1 || true
+  if [[ -d "$OUT_DIR" ]]; then
+    dg_project_compose "$OUT_DIR" down -v --remove-orphans >/dev/null 2>&1 || true
   fi
-  docker rm -f "$CONTAINER_NAME" >/dev/null 2>&1 || true
-  docker volume rm \
+  dg_project_docker rm -f "$CONTAINER_NAME" >/dev/null 2>&1 || true
+  dg_project_docker volume rm \
     "$VOLUME_NAME" \
     "${VOLUME_NAME}-bootstrap" \
     "${SERVICE_NAME}_${VOLUME_NAME}" \
@@ -99,6 +99,7 @@ trap cleanup EXIT
 command -v script >/dev/null 2>&1 || fail "missing 'script' command (util-linux)"
 command -v timeout >/dev/null 2>&1 || fail "missing 'timeout' command"
 command -v ssh-keygen >/dev/null 2>&1 || fail "missing 'ssh-keygen' command"
+REAL_SSH="$(command -v ssh)" || fail "missing 'ssh' command"
 
 mkdir -p "$ROOT/.orch/auth/codex"
 ssh-keygen -q -t ed25519 -N "" -C "docker-git-e2e" -f "$SSH_KEY" >/dev/null
@@ -182,10 +183,10 @@ grep -Fq -- "Project ID: " "$CLONE_LOG" \
 grep -Fq -- "Status: " "$CLONE_LOG" \
   || fail "expected clone log to print current project status"
 
-docker exec -u dev "$CONTAINER_NAME" bash -lc "test -d '$TARGET_DIR/.git'" \
+dg_project_docker exec -u dev "$CONTAINER_NAME" bash -lc "test -d '$TARGET_DIR/.git'" \
   || fail "expected cloned repo at: $TARGET_DIR"
 
-MOUNTS_JSON="$(docker inspect --format '{{json .Mounts}}' "$CONTAINER_NAME")"
+MOUNTS_JSON="$(dg_project_docker inspect --format '{{json .Mounts}}' "$CONTAINER_NAME")"
 MOUNTS_JSON="$MOUNTS_JSON" HOME_VOLUME_NAME="$VOLUME_NAME" bun - <<'BUN'
 const mounts = JSON.parse(process.env.MOUNTS_JSON)
 const byDestination = new Map(mounts.map((mount) => [mount.Destination, mount]))
@@ -218,37 +219,42 @@ expect(!byDestination.has("/home/dev/.codex"), "did not expect a direct bind mou
 expect(!byDestination.has("/home/dev/.ssh/authorized_keys"), "did not expect a direct bind mount for authorized_keys")
 BUN
 
-docker exec -u dev "$CONTAINER_NAME" bash -lc 'test -f ~/.docker-git/authorized_keys' \
+dg_project_docker exec -u dev "$CONTAINER_NAME" bash -lc 'test -f ~/.docker-git/authorized_keys' \
   || fail "expected authorized_keys to be mirrored into the home volume"
 
-docker exec -u dev "$CONTAINER_NAME" bash -lc 'test -f ~/.docker-git/.orch/env/global.env' \
+dg_project_docker exec -u dev "$CONTAINER_NAME" bash -lc 'test -f ~/.docker-git/.orch/env/global.env' \
   || fail "expected global env in docker-git runtime state"
 
-docker exec -u dev "$CONTAINER_NAME" bash -lc 'test -f ~/.docker-git/.orch/env/project.env' \
+dg_project_docker exec -u dev "$CONTAINER_NAME" bash -lc 'test -f ~/.docker-git/.orch/env/project.env' \
   || fail "expected project env in docker-git runtime state"
 
-docker exec -u dev "$CONTAINER_NAME" bash -lc 'test -d ~/.docker-git/.orch/auth/codex' \
+dg_project_docker exec -u dev "$CONTAINER_NAME" bash -lc 'test -d ~/.docker-git/.orch/auth/codex' \
   || fail "expected bootstrap Codex auth directory inside docker-git runtime state"
 
-docker exec -u dev "$CONTAINER_NAME" bash -lc 'test -d ~/.codex-shared' \
+dg_project_docker exec -u dev "$CONTAINER_NAME" bash -lc 'test -d ~/.codex-shared' \
   || fail "expected shared Codex auth volume to be mounted"
 
-docker exec -u dev "$CONTAINER_NAME" bash -lc \
+dg_project_docker exec -u dev "$CONTAINER_NAME" bash -lc \
   'test -L ~/.codex/auth.json && test "$(readlink ~/.codex/auth.json)" = "/home/dev/.codex-shared/auth.json"' \
   || fail "expected ~/.codex/auth.json to point at the shared Codex volume"
 
-HELPER_IMAGE="$(docker inspect --format '{{.Config.Image}}' "$CONTAINER_NAME")"
-
 wait_for_ssh_ready() {
   local attempts=60
   local attempt=1
 
   while [[ "$attempt" -le "$attempts" ]]; do
-    if docker run --rm --network host \
-      -v "$ROOT":/mnt \
-      --entrypoint bash \
-      "$HELPER_IMAGE" \
-      -lc "ssh -i /mnt/dev_ssh_key -T -o BatchMode=yes -o ConnectTimeout=2 -o ConnectionAttempts=1 -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p $SSH_PORT dev@localhost true" \
+    if dg_project_ssh_to_container "$CONTAINER_NAME" "$REAL_SSH" \
+      -i "$SSH_KEY" \
+      -T \
+      -o BatchMode=yes \
+      -o ConnectTimeout=2 \
+      -o ConnectionAttempts=1 \
+      -o LogLevel=ERROR \
+      -o StrictHostKeyChecking=no \
+      -o UserKnownHostsFile=/dev/null \
+      -p "$SSH_PORT" \
+      dev@localhost \
+      true \
       >/dev/null 2>&1; then
       return 0
     fi
@@ -262,10 +268,25 @@ wait_for_ssh_ready() {
 
 wait_for_ssh_ready || fail "ssh did not become ready on localhost:$SSH_PORT"
 
+cat > "$SSH_PROBE_SCRIPT" <<EOF_SSH_PROBE
+#!/usr/bin/env bash
+set -euo pipefail
+source "$REPO_ROOT/scripts/e2e/_lib.sh"
+dg_project_ssh_to_container "$CONTAINER_NAME" "$REAL_SSH" \\
+  -i "$SSH_KEY" \\
+  -tt \\
+  -Y \\
+  -o LogLevel=ERROR \\
+  -o StrictHostKeyChecking=no \\
+  -o UserKnownHostsFile=/dev/null \\
+  -p "$SSH_PORT" \\
+  dev@localhost \\
+  "bash -lic 'codex --version >/dev/null && exit'"
+EOF_SSH_PROBE
+chmod +x "$SSH_PROBE_SCRIPT"
+
 set +e
-timeout 45s script -q -e -c \
-  "docker run --rm -i -t --network host -v \"$ROOT\":/mnt --entrypoint bash \"$HELPER_IMAGE\" -lc \"ssh -i /mnt/dev_ssh_key -tt -Y -o LogLevel=ERROR -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p $SSH_PORT dev@localhost \\\"bash -lic 'codex --version >/dev/null && exit'\\\"\"" \
-  /dev/null >"$SSH_LOG" 2>&1
+timeout 45s script -q -e -c "$SSH_PROBE_SCRIPT" /dev/null >"$SSH_LOG" 2>&1
 ssh_exit=$?
 set -e