fix: suppress Claude Code workspace trust prompt on provisioned VMs (#2192)

The "Quick safety check: Is this a project you created or one you trust?"
prompt fires per-workspace and is not suppressed by hasCompletedOnboarding
or --dangerously-skip-permissions (anthropics/claude-code#28506).

Fix: inject a workspace trust entry keyed by $HOME into ~/.claude.json
with hasTrustDialogAccepted: true. The JSON is now constructed on the
remote side so $HOME resolves to the actual path (/root, /home/user, etc).

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

packages/cli/src/shared/agent-setup.ts

@@ -145,17 +145,22 @@ async function setupClaudeCodeConfig(runner: CloudRunner, apiKey: string): Promi
     "dangerouslySkipPermissions": true
   }
 }`;
-  const globalState = `{
-  "hasCompletedOnboarding": true,
-  "bypassPermissionsModeAccepted": true
-}`;
 
   const settingsB64 = Buffer.from(settingsJson).toString("base64");
-  const stateB64 = Buffer.from(globalState).toString("base64");
 
-  await runner.runServer(
-    `mkdir -p ~/.claude && printf '%s' '${settingsB64}' | base64 -d > ~/.claude/settings.json && chmod 600 ~/.claude/settings.json && printf '%s' '${stateB64}' | base64 -d > ~/.claude.json && chmod 600 ~/.claude.json && touch ~/.claude/CLAUDE.md`,
-  );
+  // Build ~/.claude.json on the remote using $HOME so the workspace trust
+  // entry uses the actual home directory path (e.g. /root, /home/user).
+  // This pre-accepts the "Quick safety check" trust dialog for the home dir.
+  const stateScript = [
+    "mkdir -p ~/.claude",
+    `printf '%s' '${settingsB64}' | base64 -d > ~/.claude/settings.json`,
+    "chmod 600 ~/.claude/settings.json",
+    'printf \'{"hasCompletedOnboarding":true,"bypassPermissionsModeAccepted":true,"%s":{"hasTrustDialogAccepted":true}}\\n\' "$HOME" > ~/.claude.json',
+    "chmod 600 ~/.claude.json",
+    "touch ~/.claude/CLAUDE.md",
+  ].join(" && ");
+
+  await runner.runServer(stateScript);
   logInfo("Claude Code configured");
 }