…Podman

Issue

- #1233

Summary

- Added chmod 777 langflow-data to the ensure-langflow-data Makefile target so all make dev-* targets pre-create the directory with world-writable permissions, matching the behaviour already present in test-ci
- Added pre-creation of the Langflow data directory with os.chmod(0o777) in setup_host_directories() so the TUI (uvx openrag) path no longer relies on Docker/Podman to create the directory on-the-fly with
incorrect ownership
- Added _resolve_langflow_data_path() helper to read the configured LANGFLOW_DATA_PATH from the TUI .env, honouring user-customised absolute paths and falling back to ~/.openrag/data/langflow-data for empty or
relative values; relative paths emit a warning and fall back to the default since CWD is unpredictable in the TUI context

Factory Reset

- Added deletion of the Langflow data directory to _factory_reset_with_data_clear() in the TUI monitor screen, mirroring the factory-reset Makefile target which already removed ./langflow-data
- Shared _resolve_langflow_data_path() used in factory reset to target the same directory that was pre-created at startup, including a safety guard that refused deletion of any path resolving outside the
user's home directory

Legacy Data Migration

- Added langflow-data to migrate_legacy_data_directories() migration mappings so users upgrading from a Makefile-based setup had their ./langflow-data directory copied to ~/.openrag/data/langflow-data on first
TUI startup
- Added langflow_data_path to both .env update blocks in migrate_legacy_data_directories() (fresh-install path and post-copy path) so LANGFLOW_DATA_PATH was normalised to the absolute TUI default alongside all
other data paths

…Podman

Issue

- #1233

Summary

- Fixed Langflow data directory permission error on macOS with Podman

Container Entrypoint

- Added scripts/langflow-entrypoint.py, a Python entrypoint script that runs as root at container startup
- Entrypoint corrects /app/langflow-data bind-mount permissions (chmod 0o777) to work around macOS + Podman virtiofs not propagating host-side chmod into the container
- After fixing permissions, the entrypoint drops privileges from root to uid/gid 1000 (langflow user) before exec-ing the main process

Dockerfile Changes

- Copied scripts/langflow-entrypoint.py into the image at /usr/local/bin/langflow-entrypoint with executable permissions (--chmod=755)
- Switched to USER root after the COPY so the entrypoint has the privileges needed to correct bind-mount ownership at runtime
- Set ENTRYPOINT ["langflow-entrypoint"] so the permission-fix logic runs before the default CMD

…Podman

Issue

- #1233

Summary

- Fixed Langflow container startup failure on macOS with Podman caused by incorrect HOME environment variable after privilege drop.

Bug Fix

- Added pwd module import to look up the passwd entry for uid 1000 before dropping privileges.
- After dropping from root to uid/gid 1000, restored HOME and USER environment variables to reflect the unprivileged user.
- Added fallback values (/app and langflow) if uid 1000 has no passwd entry.

Root Cause

- When the container ran as root (USER root in the Dockerfile), HOME was set to /root.
- After os.setuid(1000), the HOME variable remained /root, causing uv to attempt writing to /root/.cache/uv — a directory the now-unprivileged process could not access.
- This manifested specifically on macOS with Podman due to how that runtime handles volume mount ownership.