Skip to content

chore: bump toolchain (RTK/Caveman/codegraph) + add install.sh (claude-box) & GHCR-first Getting started#1

Merged
intech merged 4 commits into
mainfrom
chore/bump-versions
Jun 13, 2026
Merged

chore: bump toolchain (RTK/Caveman/codegraph) + add install.sh (claude-box) & GHCR-first Getting started#1
intech merged 4 commits into
mainfrom
chore/bump-versions

Conversation

@intech

@intech intech commented Jun 13, 2026

Copy link
Copy Markdown
Member

What changed

Two things: bump the pinned container toolchain, and make the image usable without cloning the repo —
a one-line installer plus a rewritten, GHCR-first Getting started.

Toolchain (tools/package.json, lockfile regenerated inside node:22)

Package From To
@anthropic-ai/claude-code 2.1.159 2.1.177
@agentclientprotocol/claude-agent-acp 0.39.0 0.44.0 (pulls claude-agent-sdk 0.3.170)
@fission-ai/openspec 1.3.1 1.4.1
@colbymchenry/codegraph 0.9.8 1.0.0 (major)
pnpm 11.5.0 11.6.0
prettier 3.8.3 3.8.4
eslint 10.4.1 10.5.0

Dockerfile build args

  • RTK v0.42.0v0.42.4 (sha256 refreshed for amd64 + arm64)
  • Caveman v1.8.2v1.9.0

Installer + docs

  • install.shcurl … | bash pulls the GHCR image, stores the OAuth token once in
    ~/.config/claude-standalone/claude.env (chmod 600, raw KEY=value as docker --env-file
    requires), and installs an executable claude-box launcher into ~/.local/bin (the full
    hardened docker run, cross-shell, no rc edits). --uninstall, non-interactive path
    (CLAUDE_CODE_OAUTH_TOKEN in env), read -s from /dev/tty, keeps an existing token on re-run.
  • README.md — Getting started rewritten: leads with the installer; manual docker run kept as
    the no-installer path (env-file format spelled out, OS-keyring as an option). All version literals
    synced (verified: git grep for old literals is empty).
  • CLAUDE.md — version literals synced; install.sh added to Files of Interest.
  • Honest note in the README: hardening flags and $(id -u)/$PWD are runtime-only and cannot be
    baked into an image — that's why claude-box wraps the full command rather than trimming it.

Validation (local build, amd64)

  • ./build.sh → exit 0; version-gate passed (all CLI --version)
  • RTK 0.42.4 verified; Caveman v1.9.0 plugin install OK (--only claude --no-mcp-shrink)
  • codegraph 1.0.0 (major): codegraph serve --mcp present; claude mcp list → codegraph,
    sequential-thinking, context7, perplexity — all ✔ Connected
  • ACP 0.44.0: initialize JSON-RPC handshake → valid reply, protocolVersion 1, version 0.44.0
  • docker run quickstart: exact shipped form (real entrypoint, cap-drop=ALL + tmpfs HOME +
    --user host-uid) boots claude 2.1.177; HOME-copy OK; /workspace writable as host uid;
    --env-file auth path confirmed via claude mcp list
  • install.sh (HOME-isolated): non-interactive install → real GHCR pull; env-file chmod 600,
    single raw token line; launcher executable (bash -n OK); idempotent re-run preserves token &
    regenerates launcher; claude-box reaches docker run (TTY error in the non-tty test = command
    well-formed); --uninstall removes launcher, keeps config
  • GHCR package is public — anonymous docker pull works (anonymous manifest HTTP 200, amd64 + arm64)
  • lockfile: lockfileVersion 3, all six per-platform optionalDeps of codegraph@1.0.0 (incl. linux-arm64)
  • CI: build (amd64) ✓, build (arm64)

Notes

  • arm64 not built locally — confirmed by the native CI build.
  • 2 high severity (nested @modelcontextprotocol/sdk 0.6.0 via perplexity-mcp) — unchanged,
    decision on record.
  • Existing wrapper scripts (run_claude.sh et al.) are NOT removed — kept as the cloned-repo flow.

🤖 Generated with Claude Code

intech and others added 4 commits June 13, 2026 13:33
Toolchain (tools/package.json, lockfile regenerated inside node:22):
- @anthropic-ai/claude-code 2.1.159 → 2.1.177
- @agentclientprotocol/claude-agent-acp 0.39.0 → 0.44.0 (pulls claude-agent-sdk 0.3.170)
- @fission-ai/openspec 1.3.1 → 1.4.1
- @colbymchenry/codegraph 0.9.8 → 1.0.0 (major)
- pnpm 11.5.0 → 11.6.0, prettier 3.8.3 → 3.8.4, eslint 10.4.1 → 10.5.0

Dockerfile build args:
- RTK v0.42.0 → v0.42.4 (sha256 refreshed for amd64 + arm64)
- Caveman v1.8.2 → v1.9.0

Docs synced (CLAUDE.md, README.md); README: new "Getting started" copy-paste quickstart.

Validated on a local amd64 build: build exit 0, version-gate passed, RTK 0.42.4
verified, Caveman v1.9.0 plugin install OK, `codegraph serve --mcp` present in 1.0.0,
and `claude mcp list` → all 4 MCP servers (codegraph, sequential-thinking, context7,
perplexity) ✔ Connected.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…image

The prior quickstart forced `git clone` + `./build.sh`, which defeats the point
of the CI-built GHCR image. New flow: pull the published image and run it with a
self-contained, hardened `docker run` — no repo clone, no wrapper script.

- token saved once globally in ~/.config/claude-standalone/claude.env (fetched
  from raw GitHub), reused from any project
- honest note: the hardening flags (--cap-drop=ALL, --user, tmpfs, network) plus
  $(id -u)/$PWD are runtime-only and cannot be baked into an image (Docker's
  security model) — so the command is long by necessity; don't strip it
- optional shell-function wrapper, git-identity + deploy-key push env, and
  OS-keyring token storage (Linux libsecret / macOS Keychain)
- GHCR package must be public for anonymous pull — documented as prerequisite

Verified on the local image: the exact shipped `docker run` (real entrypoint,
cap-drop=ALL + tmpfs HOME + --user host-uid) boots dumb-init -> start-claude.sh
-> claude 2.1.177, HOME-copy succeeds, /workspace writable as host uid; the
non-interactive --print error is the expected "needs a TTY" (the command uses
-it). .env.example reachable via raw GitHub (HTTP 200).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Changing package visibility is a repo-owner action, not something image users
need in the public README. The package is now public — anonymous `docker pull`
works (verified: anonymous manifest HTTP 200, multi-arch amd64+arm64), so the
prerequisite reduces to Docker + an OAuth token.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add install.sh — `curl … | bash` pulls the GHCR image, stores the OAuth token
once in ~/.config/claude-standalone/claude.env (chmod 600, raw KEY=value as
required by docker --env-file), and installs an executable `claude-box` launcher
into ~/.local/bin: the full hardened `docker run`, cross-shell, no rc edits.
Supports --uninstall and a non-interactive path (CLAUDE_CODE_OAUTH_TOKEN in env);
reads the token with `read -s` from /dev/tty; keeps an existing token on re-run.

README: Getting started now leads with the installer; the manual `docker run`
stays as the no-installer path (env-file format spelled out, keyring as option).
CLAUDE.md: install.sh added to Files of Interest.

Validated (HOME-isolated): non-interactive install → real GHCR pull, env-file
chmod 600 with a token-only raw line, executable launcher (bash -n OK);
idempotent re-run preserves the token and regenerates the launcher; `claude-box`
reaches `docker run` (the TTY error in the non-tty test means the command is
well-formed); --uninstall removes the launcher and keeps config. The `--env-file`
auth path was separately confirmed via `claude mcp list`.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@intech intech changed the title chore: bump pinned toolchain + RTK/Caveman, add README quickstart chore: bump toolchain (RTK/Caveman/codegraph) + add install.sh (claude-box) & GHCR-first Getting started Jun 13, 2026
@intech intech merged commit 089e913 into main Jun 13, 2026
3 checks passed
@intech intech deleted the chore/bump-versions branch June 13, 2026 11:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant