Add devcontainer configuration and README

[rammrain]

Summary

• Add .devcontainer/devcontainer.json with Java 17 (Temurin), GitHub CLI, and Gradle cache warm-up
• Create README.md with devcontainer setup instructions (VS Code, IntelliJ, Codespaces, CLI) and build commands
• Update CLAUDE.md with devcontainer section

Closes #4

Test plan

• Open project in VS Code with Dev Containers extension and verify container builds
• Run ./gradlew build and ./gradlew test inside the container
• Verify yolo alias works in container shell

🤖 Generated with Claude Code

Summary by CodeRabbit

• Documentation

  • Added a comprehensive README with project overview, prerequisites, onboarding, and recommended devcontainer workflow; updated CLAUDE guidance to mention devcontainer tooling.

• Chores

  • Added a devcontainer to standardise the development environment (Java 17, Gradle wrapper, GitHub CLI, Node) and run initial setup.
  • Added startup automation for GitHub CLI authentication and pre-warmed build dependencies.
  • Ignored a local token file and added a hook to block accidental token reads.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds a devcontainer configuration for a Java 17 development environment, supporting scripts for setup and GitHub CLI authentication, documentation updates (README and CLAUDE.md), a Claude hook and settings to block access to a local GitHub token file, and a gitignore entry for the token file.

Changes

Cohort / File(s)	Summary
Devcontainer manifest & ignore .devcontainer/devcontainer.json, .gitignore	New devcontainer definition using mcr.microsoft.com/devcontainers/java:17 with github-cli and node features; mounts a named volume for Claude settings; .devcontainer/github-token added to .gitignore.
Devcontainer setup & auth scripts .devcontainer/setup.sh, .devcontainer/gh-auth.sh	Adds setup.sh to fix ownership, install @anthropic-ai/claude-code, append a yolo alias and pre-warm Gradle; adds gh-auth.sh to read .devcontainer/github-token and run gh auth login --with-token and gh auth setup-git if present.
Documentation README.md, CLAUDE.md	New README.md describing the Montonio Java SDK, Java/Gradle requirements, devcontainer and local onboarding, and Gradle commands; CLAUDE.md gains a Devcontainer section listing included tooling.
Claude hooks/config .claude/hooks/block-token-read.sh, .claude/settings.json	Adds a PreToolUse command hook and script that inspects tool_input.file_path and returns a JSON deny decision when the path contains .devcontainer/github-token.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I hop into a container bright,
Java warmed and Gradle light,
Tokens tucked where paws can't peek,
Scripts hum softly, builds run sleek,
Come nibble code — the sandbox is right.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarises the main change: adding devcontainer configuration and README documentation.
Linked Issues check	✅ Passed	The PR meets all coding requirements from issue #4: devcontainer configuration with Java 17, Gradle integration, GitHub CLI, updated documentation in README and CLAUDE.md, and verified build/test execution.
Out of Scope Changes check	✅ Passed	All changes align with issue #4 objectives. Additional security measures (token access blocking via Claude hooks) and Claude Code integration represent reasonable enhancements supporting the devcontainer setup.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feature/devcontainer-setup

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

README.md (1)

43-43: Optional en-GB wording tweak: “Licence”.

If you want strict en-GB consistency in docs, rename the heading to “Licence”.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@README.md` at line 43, Rename the markdown heading "## License" to the
British English spelling "## Licence" in the README to maintain en-GB
consistency; update any internal links or references that point to the "License"
heading (e.g., anchor references or TOC entries) to use the new "Licence" text
so cross-links continue to work.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@README.md`:
- Line 14: Update the README sentence to clarify Gradle usage: change "Gradle
pre-installed" to indicate the project uses the Gradle wrapper (./gradlew)
rather than a system Gradle binary; reference the devcontainer configuration
(devcontainer.json) and the wrapper script ./gradlew in the phrasing so readers
understand the container provides Java 17 and Gradle via the wrapper rather than
a global Gradle installation.

---

Nitpick comments:
In `@README.md`:
- Line 43: Rename the markdown heading "## License" to the British English
spelling "## Licence" in the README to maintain en-GB consistency; update any
internal links or references that point to the "License" heading (e.g., anchor
references or TOC entries) to use the new "Licence" text so cross-links continue
to work.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f6a09dcc-bdcb-497b-92f5-4de74f0fd181

📥 Commits

Reviewing files that changed from the base of the PR and between 0c77d54 and e4ba85b.

📒 Files selected for processing (3)

• .devcontainer/devcontainer.json
• CLAUDE.md
• README.md

[rammrain]

Re: en-GB "Licence" nitpick — the repository already has a LICENSE file (standard naming for open-source repos on GitHub), so using "License" in the heading keeps it consistent with the actual filename. No change needed here.

[coderabbitai]

🧹 Nitpick comments (1)

README.md (1)

43-45: Consider British English spelling for "Licence".

In British English (en-GB), the noun form is typically spelled "Licence" rather than "License". However, "LICENSE" is the standard filename convention in open source projects, so this is purely a stylistic consideration.

Optional British English spelling adjustment

-## License
+## Licence
 
 [MIT](LICENSE)

Note: The filename LICENSE should remain unchanged as it's a widely recognised convention.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@README.md` around lines 43 - 45, Change the README header "## License" to the
British English noun spelling "## Licence" while leaving the LICENSE filename
unchanged; update any references in README that point to the LICENSE file to
keep the file name as "LICENSE" (do not rename the file), and ensure any link
text that should display British spelling uses "Licence" (e.g., change the
header and link label but keep the href target as LICENSE).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@README.md`:
- Around line 43-45: Change the README header "## License" to the British
English noun spelling "## Licence" while leaving the LICENSE filename unchanged;
update any references in README that point to the LICENSE file to keep the file
name as "LICENSE" (do not rename the file), and ensure any link text that should
display British spelling uses "Licence" (e.g., change the header and link label
but keep the href target as LICENSE).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0d6a48e2-fb63-4e33-87b7-2d8be5291858

📥 Commits

Reviewing files that changed from the base of the PR and between e4ba85b and 2aefcfd.

📒 Files selected for processing (1)

• README.md

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

.devcontainer/setup.sh (2)

11-11: Make the alias append idempotent.

Line 11 will duplicate yolo entries when the setup step is re-run. Guard before appending.

Proposed change

 echo "==> Configuring shell aliases..."
-echo 'alias yolo="claude --dangerously-skip-permissions"' >> ~/.bashrc
+grep -qxF 'alias yolo="claude --dangerously-skip-permissions"' ~/.bashrc || \
+  echo 'alias yolo="claude --dangerously-skip-permissions"' >> ~/.bashrc

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.devcontainer/setup.sh at line 11, The alias line for "alias yolo=\"claude
--dangerously-skip-permissions\"" is being appended unconditionally and will
duplicate on repeated runs; change the setup to first check ~/.bashrc for an
existing exact alias yolo entry (matching the full alias string) and only append
the alias if that check fails, so use a guard that searches for the exact alias
line before writing to ~/.bashrc to make the operation idempotent.

---

8-8: Pin the Claude CLI version for reproducible environments.

Line 8 installs the latest package every time, which can drift and break onboarding unexpectedly. Pin a known-good version to ensure consistent development environments.

Proposed change

 echo "==> Installing Claude Code CLI..."
-npm install -g `@anthropic-ai/claude-code`
+CLAUDE_CODE_VERSION="2.1.97"
+npm install -g "@anthropic-ai/claude-code@${CLAUDE_CODE_VERSION}"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.devcontainer/setup.sh at line 8, The global install currently uses a
floating tag "npm install -g `@anthropic-ai/claude-code`", which allows the CLI to
drift; change this to a pinned version by replacing that invocation with a
specific semver or exact tag (e.g.,
`@anthropic-ai/claude-code`@<known-good-version>) so the devcontainer installs a
reproducible CLI; update the line that references "@anthropic-ai/claude-code" in
setup.sh to use the chosen pinned version and document the version chosen in a
comment nearby.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.devcontainer/gh-auth.sh:
- Around line 10-24: The script currently reads the PAT from TOKEN_FILE without
enforcing restrictive filesystem permissions; update the logic around
TOKEN_FILE/TOKEN to ensure owner-only permissions (e.g., mode 600) before
reading or exit with a warning if permissions are too permissive. Specifically,
add a check after confirming TOKEN_FILE exists to examine its mode and if it's
more permissive than owner-read/write, either chmod it to 600 or print a clear
error and abort; then read TOKEN into TOKEN as before and keep the existing
empty-file check. Use the TOKEN_FILE and TOKEN identifiers to locate where to
insert this permission check and remedial chmod.
- Around line 26-27: The startup currently aborts due to set -euo pipefail when
the commands gh auth login and gh auth setup-git fail; change the logic to first
check gh authentication status (gh auth status) and only attempt echo "$TOKEN" |
gh auth login --with-token if not already authenticated, and make both the login
and gh auth setup-git non-fatal by catching failures (e.g., conditionally
running login or appending a non-fatal fallback so failures don't exit the
script). Ensure you reference and adjust the gh auth status check, the gh auth
login pipeline, and gh auth setup-git so transient network/credential errors are
short-circuited or logged without aborting container startup.

---

Nitpick comments:
In @.devcontainer/setup.sh:
- Line 11: The alias line for "alias yolo=\"claude
--dangerously-skip-permissions\"" is being appended unconditionally and will
duplicate on repeated runs; change the setup to first check ~/.bashrc for an
existing exact alias yolo entry (matching the full alias string) and only append
the alias if that check fails, so use a guard that searches for the exact alias
line before writing to ~/.bashrc to make the operation idempotent.
- Line 8: The global install currently uses a floating tag "npm install -g
`@anthropic-ai/claude-code`", which allows the CLI to drift; change this to a
pinned version by replacing that invocation with a specific semver or exact tag
(e.g., `@anthropic-ai/claude-code`@<known-good-version>) so the devcontainer
installs a reproducible CLI; update the line that references
"@anthropic-ai/claude-code" in setup.sh to use the chosen pinned version and
document the version chosen in a comment nearby.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: c9816ea8-415d-4f3c-8ad8-b0cab5d95079

📥 Commits

Reviewing files that changed from the base of the PR and between b5a3564 and 6544a1b.

📒 Files selected for processing (6)

• .claude/hooks/block-token-read.sh
• .claude/settings.json
• .devcontainer/devcontainer.json
• .devcontainer/gh-auth.sh
• .devcontainer/setup.sh
• .gitignore

✅ Files skipped from review due to trivial changes (3)

• .claude/settings.json
• .devcontainer/devcontainer.json
• .gitignore

[rammrain]

Re: pinning Claude CLI version — intentionally left unpinned. Claude Code updates frequently and we want developers to get the latest version on container creation. Pinning would require constant maintenance with no real benefit since Claude Code maintains backward compatibility. The alias append idempotency fix was applied in e78bd65.