fix: replace mountBucket() with direct s3fs mount to prevent passwd duplication

sandbox.mountBucket() manages the s3fs passwd file from the orchestration
layer outside the container and appends a new credential entry on every
call.  Because the container persists across Worker invocations the entries
accumulate and s3fs refuses to mount with "multiple entries for the same
bucket(default) in the passwd file."  In-container cleanup (rm, sort -u)
cannot reach the orchestration-layer file.

Replace mountBucket() with direct s3fs mounting inside the container,
following the pattern from the Cloudflare Containers FUSE-mount docs:

1. Write credentials to /etc/passwd-s3fs via startProcess (overwrite, not
   append — always exactly one entry)
2. Run s3fs directly inside the container
3. Verify the mount succeeded

Credentials are passed via process env vars (R2_KEY, R2_SECRET) to avoid
embedding secrets in the command string.

The in-flight promise lock is retained to coalesce concurrent callers
within the same Worker isolate.

https://claude.ai/code/session_01E5t9gPHDGGrTUWeagkDjVo

Author: claude

src/gateway/r2.test.ts

@@ -65,8 +65,15 @@ describe('mountR2Storage', () => {
   });
 
   describe('mounting behavior', () => {
-    it('mounts R2 bucket when credentials provided and not already mounted', async () => {
-      const { sandbox, mountBucketMock } = createMockSandbox({ mounted: false });
+    it('mounts R2 via s3fs when credentials provided and not already mounted', async () => {
+      const { sandbox, startProcessMock } = createMockSandbox({ mounted: false });
+      // isR2Mounted (not mounted) → passwd setup → s3fs mount → isR2Mounted (mounted)
+      startProcessMock
+        .mockResolvedValueOnce(createMockProcess(''))   // isR2Mounted check
+        .mockResolvedValueOnce(createMockProcess(''))   // passwd file write
+        .mockResolvedValueOnce(createMockProcess(''))   // s3fs mount
+        .mockResolvedValueOnce(createMockProcess('s3fs on /data/moltbot type fuse.s3fs\n'));  // verify
+
       const env = createMockEnvWithR2({
         R2_ACCESS_KEY_ID: 'key123',
         R2_SECRET_ACCESS_KEY: 'secret',
@@ -76,159 +83,152 @@ describe('mountR2Storage', () => {
       const result = await mountR2Storage(sandbox, env);
 
       expect(result).toBe(true);
-      expect(mountBucketMock).toHaveBeenCalledWith('moltbot-data', '/data/moltbot', {
-        endpoint: 'https://account123.r2.cloudflarestorage.com',
-        credentials: {
-          accessKeyId: 'key123',
-          secretAccessKey: 'secret',
-        },
-      });
+      // Verify passwd file is written with env vars (not embedded in command)
+      expect(startProcessMock).toHaveBeenCalledWith(
+        expect.stringContaining('passwd-s3fs'),
+        expect.objectContaining({
+          env: { R2_KEY: 'key123', R2_SECRET: 'secret' },
+        }),
+      );
+      // Verify s3fs mount command
+      expect(startProcessMock).toHaveBeenCalledWith(
+        expect.stringContaining('s3fs moltbot-data /data/moltbot'),
+      );
     });
 
     it('uses custom bucket name from R2_BUCKET_NAME env var', async () => {
-      const { sandbox, mountBucketMock } = createMockSandbox({ mounted: false });
-      const env = createMockEnvWithR2({
-        R2_ACCESS_KEY_ID: 'key123',
-        R2_SECRET_ACCESS_KEY: 'secret',
-        CF_ACCOUNT_ID: 'account123',
-        R2_BUCKET_NAME: 'moltbot-e2e-test123',
-      });
+      const { sandbox, startProcessMock } = createMockSandbox({ mounted: false });
+      startProcessMock
+        .mockResolvedValueOnce(createMockProcess(''))
+        .mockResolvedValueOnce(createMockProcess(''))
+        .mockResolvedValueOnce(createMockProcess(''))
+        .mockResolvedValueOnce(createMockProcess('s3fs on /data/moltbot type fuse.s3fs\n'));
+
+      const env = createMockEnvWithR2({ R2_BUCKET_NAME: 'custom-bucket' });
 
       const result = await mountR2Storage(sandbox, env);
 
       expect(result).toBe(true);
-      expect(mountBucketMock).toHaveBeenCalledWith(
-        'moltbot-e2e-test123',
-        '/data/moltbot',
-        expect.any(Object),
+      expect(startProcessMock).toHaveBeenCalledWith(
+        expect.stringContaining('s3fs custom-bucket /data/moltbot'),
       );
     });
 
     it('returns true immediately when bucket is already mounted', async () => {
-      const { sandbox, mountBucketMock } = createMockSandbox({ mounted: true });
+      const { sandbox, startProcessMock } = createMockSandbox({ mounted: true });
       const env = createMockEnvWithR2();
 
       const result = await mountR2Storage(sandbox, env);
 
       expect(result).toBe(true);
-      expect(mountBucketMock).not.toHaveBeenCalled();
+      // Only one startProcess call (the isR2Mounted check) — no mount attempted
+      expect(startProcessMock).toHaveBeenCalledTimes(1);
       expect(console.log).toHaveBeenCalledWith('R2 bucket already mounted at', '/data/moltbot');
     });
 
-    it('logs success message when mounted successfully', async () => {
-      const { sandbox } = createMockSandbox({ mounted: false });
-      const env = createMockEnvWithR2();
-
-      await mountR2Storage(sandbox, env);
-
-      expect(console.log).toHaveBeenCalledWith(
-        'R2 bucket mounted successfully - moltbot data will persist across sessions',
-      );
-    });
-  });
-
-  describe('error handling', () => {
-    it('returns false when mountBucket throws and mount check fails', async () => {
+    it('does not call mountBucket — uses direct s3fs instead', async () => {
       const { sandbox, mountBucketMock, startProcessMock } = createMockSandbox({ mounted: false });
-      mountBucketMock.mockRejectedValue(new Error('Mount failed'));
-      // isR2Mounted (not mounted) → deduplicateS3fsPasswd → isR2Mounted after error (not mounted)
       startProcessMock
         .mockResolvedValueOnce(createMockProcess(''))
         .mockResolvedValueOnce(createMockProcess(''))
-        .mockResolvedValueOnce(createMockProcess(''));
+        .mockResolvedValueOnce(createMockProcess(''))
+        .mockResolvedValueOnce(createMockProcess('s3fs on /data/moltbot type fuse.s3fs\n'));
 
       const env = createMockEnvWithR2();
 
-      const result = await mountR2Storage(sandbox, env);
+      await mountR2Storage(sandbox, env);
 
-      expect(result).toBe(false);
-      expect(console.error).toHaveBeenCalledWith('Failed to mount R2 bucket:', expect.any(Error));
+      expect(mountBucketMock).not.toHaveBeenCalled();
     });
+  });
 
-    it('returns true if mount fails but check shows it is actually mounted', async () => {
-      const { sandbox, mountBucketMock, startProcessMock } = createMockSandbox();
+  describe('error handling', () => {
+    it('returns false when s3fs mount fails and post-mount check fails', async () => {
+      const { sandbox, startProcessMock } = createMockSandbox({ mounted: false });
       startProcessMock
-        .mockResolvedValueOnce(createMockProcess(''))  // isR2Mounted before mount
-        .mockResolvedValueOnce(createMockProcess(''))  // deduplicateS3fsPasswd
-        .mockResolvedValueOnce(createMockProcess('s3fs on /data/moltbot type fuse.s3fs\n'));  // isR2Mounted after error
-
-      mountBucketMock.mockRejectedValue(new Error('Transient error'));
+        .mockResolvedValueOnce(createMockProcess(''))               // isR2Mounted (not mounted)
+        .mockResolvedValueOnce(createMockProcess(''))               // passwd write
+        .mockResolvedValueOnce(createMockProcess('', { exitCode: 1, stderr: 'mount error' }))  // s3fs fails
+        .mockResolvedValueOnce(createMockProcess(''))               // verify (not mounted)
+        .mockResolvedValueOnce(createMockProcess(''));              // final check (not mounted)
 
       const env = createMockEnvWithR2();
 
       const result = await mountR2Storage(sandbox, env);
 
-      expect(result).toBe(true);
-      expect(console.log).toHaveBeenCalledWith('R2 bucket is mounted despite error');
+      expect(result).toBe(false);
+      expect(console.error).toHaveBeenCalledWith(
+        'Failed to mount R2 bucket: s3fs mount did not succeed',
+      );
     });
 
-    it('deduplicates passwd and retries s3fs on "multiple entries" error', async () => {
-      const { sandbox, mountBucketMock, startProcessMock } = createMockSandbox({ mounted: false });
-      mountBucketMock.mockRejectedValue(
-        new Error('S3FSMountError: s3fs: there are multiple entries for the same bucket(default)'),
-      );
+    it('returns true if mount check passes despite errors during setup', async () => {
+      const { sandbox, startProcessMock } = createMockSandbox();
       startProcessMock
-        .mockResolvedValueOnce(createMockProcess(''))  // isR2Mounted before mount
-        .mockResolvedValueOnce(createMockProcess(''))  // deduplicateS3fsPasswd (pre-mount)
-        // After "multiple entries" error:
-        .mockResolvedValueOnce(createMockProcess(''))  // deduplicateS3fsPasswd (retry)
-        .mockResolvedValueOnce(createMockProcess(''))  // s3fs direct retry
-        .mockResolvedValueOnce(                        // isR2Mounted after retry
-          createMockProcess('s3fs on /data/moltbot type fuse.s3fs\n'),
-        );
+        .mockResolvedValueOnce(createMockProcess(''))               // isR2Mounted (not mounted)
+        .mockRejectedValueOnce(new Error('startProcess failed'))    // passwd write throws
+        .mockResolvedValueOnce(createMockProcess('s3fs on /data/moltbot type fuse.s3fs\n'));  // final check
 
       const env = createMockEnvWithR2();
 
       const result = await mountR2Storage(sandbox, env);
 
       expect(result).toBe(true);
       expect(console.log).toHaveBeenCalledWith(
-        'Deduplicating s3fs passwd files and retrying mount...',
+        'R2 bucket is mounted despite errors during setup',
       );
-      expect(console.log).toHaveBeenCalledWith('R2 bucket is mounted despite error');
     });
   });
 
   describe('concurrent mount protection', () => {
-    it('only calls mountBucket once when invoked concurrently', async () => {
-      const { sandbox, mountBucketMock } = createMockSandbox({ mounted: false });
+    it('only runs mount once when invoked concurrently', async () => {
+      const { sandbox, startProcessMock } = createMockSandbox({ mounted: false });
+      startProcessMock
+        .mockResolvedValueOnce(createMockProcess(''))   // isR2Mounted
+        .mockResolvedValueOnce(createMockProcess(''))   // passwd write
+        .mockResolvedValueOnce(createMockProcess(''))   // s3fs mount
+        .mockResolvedValueOnce(createMockProcess('s3fs on /data/moltbot type fuse.s3fs\n'));  // verify
+
       const env = createMockEnvWithR2();
 
-      // Fire two mount calls concurrently (simulates waitUntil + catch-all race)
       const [result1, result2] = await Promise.all([
         mountR2Storage(sandbox, env),
         mountR2Storage(sandbox, env),
       ]);
 
       expect(result1).toBe(true);
       expect(result2).toBe(true);
-      // mountBucket should only have been called once despite two concurrent callers
-      expect(mountBucketMock).toHaveBeenCalledTimes(1);
+      // s3fs mount command should only run once
+      const mountCalls = startProcessMock.mock.calls.filter((call: unknown[]) =>
+        (call[0] as string).startsWith('mkdir -p'),
+      );
+      expect(mountCalls).toHaveLength(1);
     });
 
     it('resets lock after failure so next attempt can retry', async () => {
-      const { sandbox, mountBucketMock, startProcessMock } = createMockSandbox({ mounted: false });
-      // First attempt: mount fails and post-error check also says not mounted
-      mountBucketMock.mockRejectedValueOnce(new Error('Mount failed'));
+      const { sandbox, startProcessMock } = createMockSandbox({ mounted: false });
+      // First attempt: all checks fail
       startProcessMock
-        .mockResolvedValueOnce(createMockProcess(''))  // isR2Mounted before mount
-        .mockResolvedValueOnce(createMockProcess(''))  // deduplicateS3fsPasswd
-        .mockResolvedValueOnce(createMockProcess(''));  // isR2Mounted after error
+        .mockResolvedValueOnce(createMockProcess(''))   // isR2Mounted
+        .mockResolvedValueOnce(createMockProcess(''))   // passwd write
+        .mockResolvedValueOnce(createMockProcess('', { exitCode: 1 }))  // s3fs fails
+        .mockResolvedValueOnce(createMockProcess(''))   // verify (not mounted)
+        .mockResolvedValueOnce(createMockProcess(''));   // final check (not mounted)
 
       const env = createMockEnvWithR2();
 
       const result1 = await mountR2Storage(sandbox, env);
       expect(result1).toBe(false);
 
-      // Second attempt should be allowed (lock was released)
-      mountBucketMock.mockResolvedValueOnce(undefined);
+      // Second attempt should work (lock was released)
       startProcessMock
-        .mockResolvedValueOnce(createMockProcess(''))  // isR2Mounted before mount
-        .mockResolvedValueOnce(createMockProcess(''));  // deduplicateS3fsPasswd
+        .mockResolvedValueOnce(createMockProcess(''))   // isR2Mounted
+        .mockResolvedValueOnce(createMockProcess(''))   // passwd write
+        .mockResolvedValueOnce(createMockProcess(''))   // s3fs mount
+        .mockResolvedValueOnce(createMockProcess('s3fs on /data/moltbot type fuse.s3fs\n'));  // verify
 
       const result2 = await mountR2Storage(sandbox, env);
       expect(result2).toBe(true);
-      expect(mountBucketMock).toHaveBeenCalledTimes(2);
     });
   });
 });