fix: CI/CD permission fix

backend/Dockerfile

@@ -51,6 +51,10 @@ RUN mkdir -p /app/migrations/features /app/migrations/core
 COPY --from=builder /app/src/features /app/migrations/features
 COPY --from=builder /app/src/core /app/migrations/core
 
+# Copy entrypoint script for permission checks
+COPY scripts/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+RUN chmod +x /usr/local/bin/docker-entrypoint.sh
+
 # Change ownership to non-root user
 RUN chown -R nodejs:nodejs /app
 
@@ -64,8 +68,8 @@ EXPOSE 3001
 HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
   CMD node -e "require('http').get('http://localhost:3001/health', (res) => { process.exit(res.statusCode === 200 ? 0 : 1) }).on('error', () => process.exit(1))"
 
-# Use dumb-init for proper signal handling
-ENTRYPOINT ["dumb-init", "--"]
+# Use dumb-init with entrypoint for permission checks
+ENTRYPOINT ["dumb-init", "--", "/usr/local/bin/docker-entrypoint.sh"]
 
 # Run production application with auto-migrate (idempotent)
 CMD ["sh", "-lc", "node dist/_system/migrations/run-all.js && npm start"]

backend/scripts/docker-entrypoint.sh

@@ -0,0 +1,32 @@
+#!/bin/sh
+# docker-entrypoint.sh
+# Ensures data directories have correct permissions on container startup
+
+set -e
+
+echo "Checking data directory permissions..."
+
+# Directories that need to be writable by nodejs user (UID 1001)
+DATA_DIRS="/app/data/backups /app/data/documents"
+
+for dir in $DATA_DIRS; do
+  if [ ! -d "$dir" ]; then
+    echo "Creating directory: $dir"
+    mkdir -p "$dir"
+  fi
+
+  # Check if we can write to the directory
+  if ! touch "$dir/.write-test" 2>/dev/null; then
+    echo "WARNING: Cannot write to $dir"
+    echo "This may cause backup/document operations to fail"
+    echo "Fix: Run 'sudo chown -R 1001:1001 ./data' on the host"
+  else
+    rm "$dir/.write-test"
+  fi
+done
+
+echo "Permission checks complete"
+echo "Starting application..."
+
+# Execute the CMD from Dockerfile
+exec "$@"