fix(playwright): run codegen and replay containers as host user

Run Playwright Docker containers with the current host UID/GID to avoid
root-owned files in bind-mounted workspaces.

- Add --user UID:GID and HOME override to codegen and replay
- Harden replay workspace cleanup against leftover permission issues

https://chatgpt.com/share/6984a73c-14a0-800f-a40d-778972e518b7

scripts/codegen.sh

@@ -37,6 +37,10 @@ require_cmd xhost
 
 : "${DISPLAY:=:0}"
 
+# Run containers as the current host user to avoid root-owned files in bind mounts.
+USER_ID="$(id -u)"
+GROUP_ID="$(id -g)"
+
 ROOT="$(repo_root)"
 REC_DIR="${ROOT}/${RECORDINGS_DIR}"
 WORK_DIR="${REC_DIR}/.work"
@@ -107,6 +111,8 @@ if [[ -n "${START_URL}" ]]; then
 fi
 
 docker run --rm -it \
+  --user "${USER_ID}:${GROUP_ID}" \
+  -e HOME=/tmp \
   --ipc=host \
   --network host \
   -e "DISPLAY=${DISPLAY}" \

scripts/replay.sh

@@ -38,6 +38,10 @@ repo_root() {
 
 require_cmd docker
 
+# Run containers as the current host user to avoid root-owned files in bind mounts.
+USER_ID="$(id -u)"
+GROUP_ID="$(id -g)"
+
 ROOT="$(repo_root)"
 REC_DIR="${ROOT}/${RECORDINGS_DIR}"
 
@@ -46,7 +50,12 @@ REC_DIR="${ROOT}/${RECORDINGS_DIR}"
 # Build ephemeral workspace
 WORK_DIR="${REC_DIR}/.replay-work"
 
-rm -rf "${WORK_DIR}"
+# Robust cleanup: handle possible permission issues from previous runs.
+if [[ -e "${WORK_DIR}" ]]; then
+  chmod -R u+rwX "${WORK_DIR}" 2>/dev/null || true
+  rm -rf "${WORK_DIR}" 2>/dev/null || true
+fi
+
 mkdir -p "${WORK_DIR}/tests"
 
 cleanup() {
@@ -97,6 +106,8 @@ echo "Tests        : ${TEST_FILE:-all recordings}"
 echo
 
 docker run --rm \
+  --user "${USER_ID}:${GROUP_ID}" \
+  -e HOME=/tmp \
   -v "${WORK_DIR}:/work" \
   -w /work \
   "${PLAYWRIGHT_IMAGE}" \