fix: run migrations on startup and respect LEXECON_DATA_DIR for all DB paths

- Add start.sh: runs migrations/run_all.py then exec uvicorn (no server
  starts without migrations completing first; exits non-zero on failure)
- Dockerfile: copy start.sh, use it as CMD, extend healthcheck start-period
  to 60s to allow migration time, fix /app chown for non-root user
- railway.toml: update startCommand to /bin/sh /app/start.sh
- dependencies.py: replace all hardcoded DB filenames with paths resolved
  under LEXECON_DATA_DIR (defaults to "." for local dev). Covers:
  lexecon_ledger.db, lexecon_auth.db, lexecon_responsibility.db,
  lexecon_export_audit.db, lexecon_keys/, lexecon_interventions.db,
  lexecon_usage.db, lexecon_auth.db (TenancyService)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: Lexecon Dev

Dockerfile

@@ -52,11 +52,12 @@ COPY --from=python-builder /build/pyproject.toml .
 # Copy React build output
 COPY --from=frontend-builder /frontend/build ./static
 
-# Copy migrations
+# Copy migrations and startup script
 COPY migrations/ ./migrations/
+COPY start.sh ./start.sh
 
 # Create data directory
-RUN mkdir -p /data/.lexecon && chown -R lexecon:lexecon /data
+RUN mkdir -p /data/.lexecon && chown -R lexecon:lexecon /data /app
 
 # Set environment variables
 ENV PATH=/home/lexecon/.local/bin:$PATH \
@@ -72,11 +73,11 @@ USER lexecon
 EXPOSE 8000
 
 # Health check using curl instead of python+requests
-HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
+HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
     CMD curl -sf http://localhost:8000/health || exit 1
 
 # Use tini as init system
 ENTRYPOINT ["/usr/bin/tini", "--"]
 
-# Run server
-CMD sh -c "python -m uvicorn lexecon.api.server:app --host 0.0.0.0 --port ${PORT:-8000}"
+# Run migrations then start server
+CMD ["/bin/sh", "/app/start.sh"]

railway.toml

@@ -3,7 +3,7 @@ builder = "DOCKERFILE"
 dockerfilePath = "Dockerfile"
 
 [deploy]
-startCommand = "uvicorn lexecon.api.server:app --host 0.0.0.0 --port $PORT"
+startCommand = "/bin/sh /app/start.sh"
 healthcheckPath = "/health"
 healthcheckTimeout = 100
 restartPolicyType = "ON_FAILURE"

src/lexecon/api/dependencies.py

@@ -43,19 +43,26 @@ class ServiceRegistry:
     _instance: Optional["ServiceRegistry"] = None
 
     def __init__(self) -> None:
+        # ── Resolve data directory (honours LEXECON_DATA_DIR in Docker/Railway) ──
+        _data_dir = os.getenv("LEXECON_DATA_DIR", ".")
+        os.makedirs(_data_dir, exist_ok=True)
+
+        def _db(name: str) -> str:
+            return os.path.join(_data_dir, name)
+
         # ── Eager services (created at import time in the old code) ──
-        self.storage: LedgerStorage = LedgerStorage("lexecon_ledger.db")
+        self.storage: LedgerStorage = LedgerStorage(_db("lexecon_ledger.db"))
         self.ledger: LedgerChain = LedgerChain(storage=self.storage)
-        self.responsibility_storage: ResponsibilityStorage = ResponsibilityStorage("lexecon_responsibility.db")
+        self.responsibility_storage: ResponsibilityStorage = ResponsibilityStorage(_db("lexecon_responsibility.db"))
         self.responsibility_tracker: ResponsibilityTracker = ResponsibilityTracker(storage=self.responsibility_storage)
         self.node_id: str = str(uuid.uuid4())
         self.startup_time: float = time.time()
 
         # Security services
-        self.auth_service: AuthService = AuthService("lexecon_auth.db")
+        self.auth_service: AuthService = AuthService(_db("lexecon_auth.db"))
         self.async_auth_service: AsyncAuthService = AsyncAuthService(self.auth_service)
-        self.audit_service: AuditService = AuditService("lexecon_export_audit.db")
-        self.signature_service: SignatureService = SignatureService("lexecon_keys")
+        self.audit_service: AuditService = AuditService(_db("lexecon_export_audit.db"))
+        self.signature_service: SignatureService = SignatureService(_db("lexecon_keys"))
 
         # OIDC OAuth service
         from lexecon.security.oidc_service import get_oidc_service
@@ -106,7 +113,8 @@ def initialize(self) -> None:
 
         if self.intervention_storage is None:
             from lexecon.compliance.eu_ai_act.storage import InterventionStorage
-            self.intervention_storage = InterventionStorage("lexecon_interventions.db")
+            _data_dir = os.getenv("LEXECON_DATA_DIR", ".")
+            self.intervention_storage = InterventionStorage(os.path.join(_data_dir, "lexecon_interventions.db"))
 
         if self.oversight_system is None:
             from lexecon.compliance.eu_ai_act.article_14_oversight import HumanOversightEvidence
@@ -134,10 +142,12 @@ def initialize(self) -> None:
             )
 
         if self.usage_service is None:
-            self.usage_service = UsageService("lexecon_usage.db")
+            _data_dir = os.getenv("LEXECON_DATA_DIR", ".")
+            self.usage_service = UsageService(os.path.join(_data_dir, "lexecon_usage.db"))
 
         if self.tenancy_service is None:
-            self.tenancy_service = TenancyService("lexecon_auth.db")
+            _data_dir = os.getenv("LEXECON_DATA_DIR", ".")
+            self.tenancy_service = TenancyService(os.path.join(_data_dir, "lexecon_auth.db"))
 
         if self.compliance_mapping_service is None:
             self.compliance_mapping_service = ComplianceMappingService()

start.sh

@@ -0,0 +1,18 @@
+#!/bin/sh
+# Lexecon startup: run migrations then start the API server.
+set -e
+
+DATA_DIR="${LEXECON_DATA_DIR:-.}"
+AUTH_DB="${DATA_DIR}/lexecon_auth.db"
+
+echo "[start] data dir: ${DATA_DIR}"
+mkdir -p "${DATA_DIR}"
+
+echo "[start] running migrations against ${AUTH_DB}..."
+python /app/migrations/run_all.py "${AUTH_DB}"
+
+echo "[start] starting uvicorn on port ${PORT:-8000}..."
+exec python -m uvicorn lexecon.api.server:app \
+    --host 0.0.0.0 \
+    --port "${PORT:-8000}" \
+    --workers "${LEXECON_WORKERS:-1}"