From b03dc936df8ed25a659f5c650921169fcadfac09 Mon Sep 17 00:00:00 2001
From: anoracleofra-code <anoracleofra@gmail.com>
Date: Thu, 26 Mar 2026 15:28:44 -0600
Subject: [PATCH] fix: auto-enable raw secure storage fallback in Docker
 containers

Docker/Linux containers have no DPAPI or native keyring, causing all
wormhole persona/gate/identity endpoints to crash with
SecureStorageError. Detect /.dockerenv and auto-allow raw fallback
so mesh features work out of the box in Docker.
---
 backend/services/mesh/mesh_secure_storage.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/backend/services/mesh/mesh_secure_storage.py b/backend/services/mesh/mesh_secure_storage.py
index cd02e9f..349f77c 100644
--- a/backend/services/mesh/mesh_secure_storage.py
+++ b/backend/services/mesh/mesh_secure_storage.py
@@ -189,11 +189,28 @@ def _is_windows() -> bool:
     return os.name == "nt"
 
 
+def _is_docker_container() -> bool:
+    """Detect if we're running inside a Docker container."""
+    if os.path.isfile("/.dockerenv"):
+        return True
+    try:
+        with open("/proc/1/cgroup", "r") as f:
+            if "docker" in f.read():
+                return True
+    except OSError:
+        pass
+    return os.environ.get("container") == "docker"
+
+
 def _raw_fallback_allowed() -> bool:
     if _is_windows():
         return False
     if os.environ.get("PYTEST_CURRENT_TEST"):
         return True
+    # Docker containers have no DPAPI or native keyring — auto-allow raw
+    # fallback so that Wormhole secure storage works out of the box.
+    if _is_docker_container():
+        return True
     try:
         from services.config import get_settings