chore: bump toolchain (RTK/Caveman/codegraph) + add install.sh (claude-box) & GHCR-first Getting started#1
Merged
Merged
Conversation
Toolchain (tools/package.json, lockfile regenerated inside node:22): - @anthropic-ai/claude-code 2.1.159 → 2.1.177 - @agentclientprotocol/claude-agent-acp 0.39.0 → 0.44.0 (pulls claude-agent-sdk 0.3.170) - @fission-ai/openspec 1.3.1 → 1.4.1 - @colbymchenry/codegraph 0.9.8 → 1.0.0 (major) - pnpm 11.5.0 → 11.6.0, prettier 3.8.3 → 3.8.4, eslint 10.4.1 → 10.5.0 Dockerfile build args: - RTK v0.42.0 → v0.42.4 (sha256 refreshed for amd64 + arm64) - Caveman v1.8.2 → v1.9.0 Docs synced (CLAUDE.md, README.md); README: new "Getting started" copy-paste quickstart. Validated on a local amd64 build: build exit 0, version-gate passed, RTK 0.42.4 verified, Caveman v1.9.0 plugin install OK, `codegraph serve --mcp` present in 1.0.0, and `claude mcp list` → all 4 MCP servers (codegraph, sequential-thinking, context7, perplexity) ✔ Connected. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…image The prior quickstart forced `git clone` + `./build.sh`, which defeats the point of the CI-built GHCR image. New flow: pull the published image and run it with a self-contained, hardened `docker run` — no repo clone, no wrapper script. - token saved once globally in ~/.config/claude-standalone/claude.env (fetched from raw GitHub), reused from any project - honest note: the hardening flags (--cap-drop=ALL, --user, tmpfs, network) plus $(id -u)/$PWD are runtime-only and cannot be baked into an image (Docker's security model) — so the command is long by necessity; don't strip it - optional shell-function wrapper, git-identity + deploy-key push env, and OS-keyring token storage (Linux libsecret / macOS Keychain) - GHCR package must be public for anonymous pull — documented as prerequisite Verified on the local image: the exact shipped `docker run` (real entrypoint, cap-drop=ALL + tmpfs HOME + --user host-uid) boots dumb-init -> start-claude.sh -> claude 2.1.177, HOME-copy succeeds, /workspace writable as host uid; the non-interactive --print error is the expected "needs a TTY" (the command uses -it). .env.example reachable via raw GitHub (HTTP 200). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Changing package visibility is a repo-owner action, not something image users need in the public README. The package is now public — anonymous `docker pull` works (verified: anonymous manifest HTTP 200, multi-arch amd64+arm64), so the prerequisite reduces to Docker + an OAuth token. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add install.sh — `curl … | bash` pulls the GHCR image, stores the OAuth token once in ~/.config/claude-standalone/claude.env (chmod 600, raw KEY=value as required by docker --env-file), and installs an executable `claude-box` launcher into ~/.local/bin: the full hardened `docker run`, cross-shell, no rc edits. Supports --uninstall and a non-interactive path (CLAUDE_CODE_OAUTH_TOKEN in env); reads the token with `read -s` from /dev/tty; keeps an existing token on re-run. README: Getting started now leads with the installer; the manual `docker run` stays as the no-installer path (env-file format spelled out, keyring as option). CLAUDE.md: install.sh added to Files of Interest. Validated (HOME-isolated): non-interactive install → real GHCR pull, env-file chmod 600 with a token-only raw line, executable launcher (bash -n OK); idempotent re-run preserves the token and regenerates the launcher; `claude-box` reaches `docker run` (the TTY error in the non-tty test means the command is well-formed); --uninstall removes the launcher and keeps config. The `--env-file` auth path was separately confirmed via `claude mcp list`. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What changed
Two things: bump the pinned container toolchain, and make the image usable without cloning the repo —
a one-line installer plus a rewritten, GHCR-first Getting started.
Toolchain (
tools/package.json, lockfile regenerated inside node:22)@anthropic-ai/claude-code@agentclientprotocol/claude-agent-acp@fission-ai/openspec@colbymchenry/codegraphpnpmprettiereslintDockerfile build args
v0.42.0→v0.42.4(sha256 refreshed for amd64 + arm64)v1.8.2→v1.9.0Installer + docs
install.sh—curl … | bashpulls the GHCR image, stores the OAuth token once in~/.config/claude-standalone/claude.env(chmod 600, rawKEY=valueas docker--env-filerequires), and installs an executable
claude-boxlauncher into~/.local/bin(the fullhardened
docker run, cross-shell, no rc edits).--uninstall, non-interactive path(
CLAUDE_CODE_OAUTH_TOKENin env),read -sfrom/dev/tty, keeps an existing token on re-run.README.md— Getting started rewritten: leads with the installer; manualdocker runkept asthe no-installer path (env-file format spelled out, OS-keyring as an option). All version literals
synced (verified:
git grepfor old literals is empty).CLAUDE.md— version literals synced;install.shadded to Files of Interest.$(id -u)/$PWDare runtime-only and cannot bebaked into an image — that's why
claude-boxwraps the full command rather than trimming it.Validation (local build, amd64)
./build.sh→ exit 0; version-gate passed (all CLI--version)0.42.4verified; Cavemanv1.9.0plugin install OK (--only claude --no-mcp-shrink)codegraph serve --mcppresent;claude mcp list→ codegraph,sequential-thinking, context7, perplexity — all ✔ Connected
initializeJSON-RPC handshake → valid reply,protocolVersion 1, version 0.44.0docker runquickstart: exact shipped form (real entrypoint,cap-drop=ALL+ tmpfs HOME +--userhost-uid) boots claude 2.1.177; HOME-copy OK;/workspacewritable as host uid;--env-fileauth path confirmed viaclaude mcp listinstall.sh(HOME-isolated): non-interactive install → real GHCR pull; env-filechmod 600,single raw token line; launcher executable (
bash -nOK); idempotent re-run preserves token ®enerates launcher;
claude-boxreachesdocker run(TTY error in the non-tty test = commandwell-formed);
--uninstallremoves launcher, keeps configdocker pullworks (anonymous manifest HTTP 200, amd64 + arm64)lockfileVersion 3, all six per-platform optionalDeps of codegraph@1.0.0 (incl. linux-arm64)build (amd64)✓,build (arm64)✓Notes
@modelcontextprotocol/sdk 0.6.0viaperplexity-mcp) — unchanged,decision on record.
run_claude.shet al.) are NOT removed — kept as the cloned-repo flow.🤖 Generated with Claude Code