From 15db44f9ec71e53b6d2a91c021c1ec08d3c5f53f Mon Sep 17 00:00:00 2001
From: mkorwel <matt.korwel@gmail.com>
Date: Wed, 18 Mar 2026 12:39:36 -0700
Subject: [PATCH] fix(workspaces): apply sudo to all remote sync calls in setup

---
 .gemini/skills/workspaces/scripts/setup.ts | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/.gemini/skills/workspaces/scripts/setup.ts b/.gemini/skills/workspaces/scripts/setup.ts
index 7ec6d2ad33..eaa0c3c47c 100644
--- a/.gemini/skills/workspaces/scripts/setup.ts
+++ b/.gemini/skills/workspaces/scripts/setup.ts
@@ -215,13 +215,14 @@ and full builds) to a dedicated, high-performance GCP worker.
 
   console.log(`\n📦 Synchronizing Logic & Credentials...`);
   await provider.exec(`mkdir -p ~/dev/main ~/.gemini/policies ~/.workspaces/scripts`);
-  await provider.sync('.gemini/skills/workspaces/scripts/', `${persistentScripts}/`, { delete: true });
-  await provider.sync('.gemini/skills/workspaces/policy.toml', `~/.gemini/policies/workspace-policy.toml`);
+  await provider.sync('.gemini/skills/workspaces/scripts/', `${persistentScripts}/`, { delete: true, sudo: true });
+  await provider.sync('.gemini/skills/workspaces/policy.toml', `~/.gemini/policies/workspace-policy.toml`, { sudo: true });
 
   if (fs.existsSync(path.join(env.HOME || '', '.gemini/google_accounts.json'))) {
-    await provider.sync(path.join(env.HOME || '', '.gemini/google_accounts.json'), `~/.gemini/google_accounts.json`);
+    await provider.sync(path.join(env.HOME || '', '.gemini/google_accounts.json'), `${remoteConfigDir}/google_accounts.json`, { sudo: true });
   }
 
+
   if (githubToken) {
     await provider.exec(`mkdir -p ~/.workspaces && echo ${githubToken} > ~/.workspaces/.gh_token && chmod 600 ~/.workspaces/.gh_token`);
   }
@@ -239,12 +240,12 @@ and full builds) to a dedicated, high-performance GCP worker.
   };
   const tmpSettingsPath = path.join(os.tmpdir(), `remote-settings-${Date.now()}.json`);
   fs.writeFileSync(tmpSettingsPath, JSON.stringify(remoteSettings, null, 2));
-  await provider.sync(tmpSettingsPath, `${remoteConfigDir}/settings.json`);
+  await provider.sync(tmpSettingsPath, `${remoteConfigDir}/settings.json`, { sudo: true });
   fs.unlinkSync(tmpSettingsPath);
 
   // Sync credentials into the isolated config as well
   if (fs.existsSync(path.join(env.HOME || '', '.gemini/google_accounts.json'))) {
-    await provider.sync(path.join(env.HOME || '', '.gemini/google_accounts.json'), `${remoteConfigDir}/google_accounts.json`);
+    await provider.sync(path.join(env.HOME || '', '.gemini/google_accounts.json'), `${remoteConfigDir}/google_accounts.json`, { sudo: true });
   }
 
   // Final Repo Sync