diff --git a/CLAUDE.md b/CLAUDE.md index 210ce4a..c01bb34 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -13,10 +13,10 @@ This is a security-hardened Docker container that runs Claude Code with pre-inst The container is built on Node.js 22 (LTS) with the following layers: 1. **Base System** - Debian Trixie (glibc 2.41) with hardened security settings -2. **Toolchain (npm)** - All global npm CLIs installed via `npm ci` from `tools/package.json` + `tools/package-lock.json` (sha512-integrity, exact pinned versions, no `@latest`). Bins exposed via PATH (`/opt/toolchain/node_modules/.bin`). Includes Claude Code (2.1.159), OpenSpec (1.3.1), CodeGraph (0.9.8), caveman-shrink (0.1.0), the MCP servers, and dev tools (pnpm 11.5.0, typescript 6.0.3, ts-node 10.9.2, prettier 3.8.3, eslint 10.4.1) +2. **Toolchain (npm)** - All global npm CLIs installed via `npm ci` from `tools/package.json` + `tools/package-lock.json` (sha512-integrity, exact pinned versions, no `@latest`). Bins exposed via PATH (`/opt/toolchain/node_modules/.bin`). Includes Claude Code (2.1.177), OpenSpec (1.4.1), CodeGraph (1.0.0), caveman-shrink (0.1.0), the MCP servers, and dev tools (pnpm 11.6.0, typescript 6.0.3, ts-node 10.9.2, prettier 3.8.4, eslint 10.5.0) 3. **OpenSpec** - initialized into `/workspace` at build time with telemetry disabled via `OPENSPEC_TELEMETRY=0` 4. **RTK** - Rust Token Killer; static musl binary in `/usr/local/bin` (version via `RTK_VERSION` build arg, sha256-verified); `rtk init -g --auto-patch` installs a Claude Code PreToolUse hook that rewrites Bash commands through `rtk` -5. **Caveman** - Output-compression skill for Claude Code, installed at build time via its plugin mechanism (`claude plugin install`), pinned to tag `v1.8.2` +5. **Caveman** - Output-compression skill for Claude Code, installed at build time via its plugin mechanism (`claude plugin install`), pinned to tag `v1.9.0` 6. **CodeGraph** - Code knowledge graph exposed as an MCP server (`@colbymchenry/codegraph`); ships a vendored prebuilt binary, runtime GitHub download disabled via `CODEGRAPH_NO_DOWNLOAD=1` 7. **MCP Servers** - Configured from MCP JSON configs; all stdio servers use pre-installed bins (no runtime `npx`) @@ -209,9 +209,9 @@ gate runs each dev tool's `--version` to catch an incompatible engine (this is h pnpm 11 vs Node 20 mismatch was caught before the base was bumped to Node 22). **Build-time variables** (set during `docker build`): -- `RTK_VERSION` - Git tag of the RTK release to download (default: `v0.42.0`); RTK is a +- `RTK_VERSION` - Git tag of the RTK release to download (default: `v0.42.4`); RTK is a GitHub-release binary, not npm. Override directly: `docker build --build-arg RTK_VERSION=...` -- `RTK_SHA256` - sha256 of the RTK tarball (default matches `v0.42.0`); bump together with +- `RTK_SHA256` - sha256 of the RTK tarball (default matches `v0.42.4`); bump together with `RTK_VERSION` or the integrity check fails by design **Runtime variables** (set when running container): @@ -289,19 +289,19 @@ Two extra entrypoints exist beside the autonomous `run_claude.sh`; they share th - Telemetry is opt-out only via the `OPENSPEC_TELEMETRY=0` env var (no `telemetry.enabled` config key exists); set as baked-in ENV, covering build and runtime - Source: https://github.com/Fission-AI/OpenSpec - **RTK** - Rust Token Killer; CLI proxy that filters/compresses command output to cut LLM token usage (`rtk` binary) - - Static musl binary downloaded from GitHub releases into `/usr/local/bin`; pinned via `RTK_VERSION` build arg (default `v0.42.0`), no Rust toolchain needed + - Static musl binary downloaded from GitHub releases into `/usr/local/bin`; pinned via `RTK_VERSION` build arg (default `v0.42.4`), no Rust toolchain needed - `rtk init -g --auto-patch` runs at build time (as the `claude` user): installs a **Claude Code PreToolUse hook** that transparently rewrites Bash commands (`git status` → `rtk git status`), writes `~/RTK.md`, and patches `~/.bashrc` - `-g` targets Claude Code (there is no `--agent claude`); `--auto-patch` makes init non-interactive - Runtime needs only the `rtk` binary in PATH + the hook; no daemon. Optional config at `~/.config/rtk/config.toml` - Source: https://github.com/rtk-ai/rtk - **Caveman** - Output-compression skill for Claude Code (terse "caveman-speak"), reduces output tokens (~65%) - - Installed at build time via `npx -y github:JuliusBrussee/caveman#v1.8.2 --non-interactive --only claude` (as the `claude` user; requires Node.js >= 18) + - Installed at build time via `npx -y github:JuliusBrussee/caveman#v1.9.0 --non-interactive --only claude` (as the `claude` user; requires Node.js >= 18) - For the `claude` provider the installer uses the Claude Code **plugin mechanism** (`claude plugin marketplace add` + `claude plugin install caveman@caveman`) and wires hooks (by default it would also add a `caveman-shrink` MCP entry — suppressed here with `--no-mcp-shrink`, see below) - **Verified by build:** the `claude plugin marketplace add` + `claude plugin install` steps succeed during `docker build` — `marketplace add` is a public HTTPS git clone and `plugin install` is a local copy, so neither hits the Claude auth API (and `configure-claude.sh` has already written `~/.claude.json` by that layer). Skill + hooks are installed. Not made best-effort, so any future failure stays visible - Installed with **`--no-mcp-shrink`**: caveman's auto-registration wired `caveman-shrink` as a standalone MCP server with no upstream command, which always `✗ Failed to connect` (it is middleware, not a server). Instead `caveman-shrink` is pre-installed globally and applied as a wrapper around the codegraph MCP server (see CodeGraph / MCP Servers) - Source: https://github.com/JuliusBrussee/caveman - **CodeGraph** - Pre-indexed code knowledge graph (symbols, call graph, impact) served to agents over MCP (`codegraph` binary) - - Installed via `npm ci` from the locked toolchain (`@colbymchenry/codegraph@0.9.8`); also registered as the `codegraph` MCP server, wrapped by `caveman-shrink` to compress its (verbose) tool descriptions — verified `✓ Connected` (see "MCP Servers") + - Installed via `npm ci` from the locked toolchain (`@colbymchenry/codegraph@1.0.0`); also registered as the `codegraph` MCP server, wrapped by `caveman-shrink` to compress its (verbose) tool descriptions — verified `✓ Connected` (see "MCP Servers") - **Not pure JS:** the npm package is a thin shim; the real artifact is a per-platform optionalDependency (`@colbymchenry/codegraph-linux-x64`) bundling a vendored Node 24 runtime + prebuilt binary. `codegraph --help` at build time verifies the binary runs (**verified**: the vendored Node 24 binary runs on `node:22-trixie-slim`) - `CODEGRAPH_NO_DOWNLOAD=1` (baked-in ENV) forbids the shim's runtime fallback that fetches the binary from GitHub Releases — the binary must come from the npm registry only - 100% local: local SQLite index (`.codegraph/codegraph.db`, FTS5), no API keys, no external services @@ -386,6 +386,7 @@ Inside the debug shell, you can run diagnostics manually: - `.env.example` - Example environment variables for MCP servers - `.env` - Your local environment variables (create from .env.example) - `.dockerignore` - Files excluded from Docker build context +- `install.sh` - One-line installer (`curl … | bash`): pulls the GHCR image, stores the OAuth token in `~/.config/claude-standalone/claude.env` (chmod 600), and installs a `claude-box` launcher into `~/.local/bin` (the hardened `docker run` wrapped as an executable; supports `--uninstall` and a non-interactive path via `CLAUDE_CODE_OAUTH_TOKEN`) - `run_claude.sh` - Main entry point for running Claude Code (autonomous agent) - `run_acp.sh` - ACP entry point for IDE use (Zed); launched BY the editor over stdio - `.devcontainer/devcontainer.json` - Dev Container definition (interactive dev inside the image) diff --git a/Dockerfile b/Dockerfile index b3b0cd2..7cebc9e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,7 +7,7 @@ ARG USER_NAME=claude # dev tools) are NOT build args — they are pinned in tools/package.json and locked # in tools/package-lock.json (installed via `npm ci`). Change versions there. # RTK is a GitHub-release binary (not npm), so it keeps a version + sha256 arg. -ARG RTK_VERSION=v0.42.0 +ARG RTK_VERSION=v0.42.4 # Create non-root user with specific UID/GID. # Free the requested UID/GID if the base image already uses it (node:22 ships a @@ -68,9 +68,9 @@ RUN DELTA_VERSION="0.19.2" && \ # contains a single binary `rtk` placed in /usr/local/bin. RUN case "$TARGETARCH" in \ amd64) RTK_ASSET="rtk-x86_64-unknown-linux-musl.tar.gz"; \ - RTK_SHA256="cdd4f87ac97ce958f71b53a991880d6adcc41cc5bca1044175a64630980152be";; \ + RTK_SHA256="34975116da11e09e502501daf758143e0b22ed3a42a10eb67fb693a6270d9e36";; \ arm64) RTK_ASSET="rtk-aarch64-unknown-linux-gnu.tar.gz"; \ - RTK_SHA256="62bb749df1ed64f09149998c31de864932f047a1be4e0f882a8ceada849e0871";; \ + RTK_SHA256="cc2b91c064eb670c097c184913c8fbcb1a943d53d7fe505375e96ba0c5b6459f";; \ *) echo "unsupported TARGETARCH for RTK: $TARGETARCH" >&2; exit 1;; \ esac && \ curl -fsSL "https://github.com/rtk-ai/rtk/releases/download/${RTK_VERSION}/${RTK_ASSET}" -o /tmp/rtk.tar.gz && \ @@ -214,7 +214,7 @@ RUN rtk init -g --auto-patch # Caveman: output-compression skill for Claude Code. For the `claude` provider # the installer uses the Claude Code plugin mechanism (`claude plugin marketplace # add` + `claude plugin install caveman@caveman`) and also wires hooks. -# Pinned to tag v1.8.2 (non-interactive, claude only). NOTE: a commit-SHA ref +# Pinned to tag v1.9.0 (non-interactive, claude only). NOTE: a commit-SHA ref # (`#a025122…`) would be more immutable, but `npx github:…#<40-char-sha>` fails # with "GitFetcher requires an Arborist constructor to pack a tarball" (npm git # fetcher limitation) — the tag ref is what actually installs. The tag's mutability @@ -239,7 +239,7 @@ RUN rtk init -g --auto-patch # auth API); caveman's SessionStart/UserPromptSubmit hooks merge into the same # settings.json alongside RTK's PreToolUse hook. Not made best-effort so any # future failure stays visible. -RUN npx -y github:JuliusBrussee/caveman#v1.8.2 --non-interactive --only claude --no-mcp-shrink +RUN npx -y github:JuliusBrussee/caveman#v1.9.0 --non-interactive --only claude --no-mcp-shrink # Create simple startup script for runtime. # --remote-control: start with Remote Control enabled by default (per project diff --git a/README.md b/README.md index 944f9f7..e5424f5 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,95 @@ as an autonomous agent over your project. Built on Node.js 22 LTS (Debian Trixie multi-arch (linux/amd64 + linux/arm64), with a pinned, lockfile-controlled CLI toolchain and a curated set of MCP servers. +## Getting started + +The prebuilt multi-arch image is published to GHCR — **you don't clone this repo or build anything**. +Requires Docker and a Claude Code OAuth token (`claude setup-token`). + +### Quick install (Linux / macOS) + +```bash +curl -fsSL https://raw.githubusercontent.com/highload-zone/claude-code-standalone/main/install.sh | bash +``` + +The installer pulls the GHCR image, asks for your OAuth token once (stored in +`~/.config/claude-standalone/claude.env`, `chmod 600`), and installs a `claude-box` launcher into +`~/.local/bin`. Then, from any project directory (mounted **read-write**): + +```bash +claude-box # hardened agent over the current directory +claude-box --model opus # extra args pass through to claude +``` + +If `~/.local/bin` isn't on your `PATH`, the installer prints the line to add (e.g. +`echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.bashrc`). + +```bash +# inspect before running (it's curl | bash, after all): +curl -fsSL https://raw.githubusercontent.com/highload-zone/claude-code-standalone/main/install.sh -o install.sh +less install.sh && bash install.sh + +CLAUDE_CODE_OAUTH_TOKEN=... bash install.sh # non-interactive (skips the token prompt) +bash install.sh --uninstall # remove the launcher (config is left in place) +``` + +`claude-box` forwards your host git identity (so commits are attributed to you) and, if you set +`DEPLOY_KEY=/path/to/scoped_key`, mounts it read-only to enable `git push` (see [SECURITY.md](./SECURITY.md)). + +### Without the installer — one `docker run` + +Save your token once, then run the image directly. The token file is read by `--env-file`, so it +must be raw `KEY=value` (no quotes, no `export`): + +```bash +mkdir -p ~/.config/claude-standalone +printf 'CLAUDE_CODE_OAUTH_TOKEN=%s\n' 'YOUR_TOKEN' > ~/.config/claude-standalone/claude.env +chmod 600 ~/.config/claude-standalone/claude.env +# optional MCP keys: add CONTEXT7_API_KEY=... / PERPLEXITY_API_KEY=... lines + +docker pull ghcr.io/highload-zone/claude-code-standalone:latest +``` + +From the project directory you want the agent to work on: + +```bash +docker run -it --rm \ + --cap-drop=ALL --security-opt=no-new-privileges:true --pids-limit=100 --network=bridge \ + --user "$(id -u):$(id -g)" \ + --tmpfs /home/agent:exec,mode=1777,size=512m -e HOME=/home/agent \ + --tmpfs /tmp:noexec,nosuid,size=100m \ + -v "$PWD:/workspace:rw" -w /workspace \ + --env-file ~/.config/claude-standalone/claude.env \ + ghcr.io/highload-zone/claude-code-standalone:latest +``` + +> **Why the command is long — and don't shorten it.** The image is self-contained (entrypoint, tools, +> config, MCP servers are all baked in), but the container's *protection* — `--cap-drop=ALL`, the +> non-root `--user`, the `noexec` tmpfs scratch, network isolation — are **`docker run` flags, not +> something an image can carry**: Docker's security model puts these in the operator's hands by +> design. `$(id -u):$(id -g)` (so the agent owns your files) and `$PWD` (which project to mount) are +> likewise resolved on the host at run time. Dropping the hardening flags to make the command shorter +> removes exactly the boundary this image exists to provide — that's why the installer above wraps +> the full command in `claude-box` rather than offering a trimmed-down one. + +To attribute commits to **you** and/or enable `git push`, add to the `docker run`: + +```bash + -e GIT_AUTHOR_NAME="$(git config user.name)" -e GIT_COMMITTER_NAME="$(git config user.name)" \ + -e GIT_AUTHOR_EMAIL="$(git config user.email)" -e GIT_COMMITTER_EMAIL="$(git config user.email)" \ + # for push, mount a SCOPED, read-only deploy key (see SECURITY.md): + -v /path/to/repo_deploy_key:/home/agent/deploy_key:ro \ + -e GIT_SSH_COMMAND="ssh -i /home/agent/deploy_key -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new" \ +``` + +> **Token in the system keyring (optional).** To avoid a plaintext `--env-file`, store the token in +> the OS keyring and inject it at run time instead — drop `--env-file` and add +> `-e CLAUDE_CODE_OAUTH_TOKEN="$(secret-tool lookup service claude-code key oauth)"` on Linux +> (libsecret), or `$(security find-generic-password -s claude-code -a oauth -w)` on macOS (Keychain). + +See [Requirements](#requirements), [Setup](#setup), and [Run](#run) below for building locally and +the repo's script-based flow. + ## Why Running an autonomous coding agent with broad permissions directly on your host is risky. This image @@ -57,15 +146,15 @@ Base: `node:22-trixie-slim` (Node 22 LTS, Debian 13 / glibc 2.41). Multi-arch (a Toolchain pinned in `tools/package.json`, locked in `tools/package-lock.json` (`npm ci`, sha512 integrity, exact versions): -- `@anthropic-ai/claude-code` (2.1.159), `@fission-ai/openspec` (1.3.1) -- `@agentclientprotocol/claude-agent-acp` (0.39.0) — ACP adapter for IDE use (Zed); reuses +- `@anthropic-ai/claude-code` (2.1.177), `@fission-ai/openspec` (1.4.1) +- `@agentclientprotocol/claude-agent-acp` (0.44.0) — ACP adapter for IDE use (Zed); reuses the pinned `claude` binary via `CLAUDE_CODE_EXECUTABLE` -- `@colbymchenry/codegraph` (0.9.8, MCP) wrapped by `caveman-shrink` (0.1.0) +- `@colbymchenry/codegraph` (1.0.0, MCP) wrapped by `caveman-shrink` (0.1.0) - MCP servers: `sequential-thinking`, `context7` (HTTP), `perplexity` -- caveman skill (plugin, tag `v1.8.2`) -- Dev tools: `pnpm` 11.5.0, `typescript` 6.0.3, `ts-node` 10.9.2, `prettier` 3.8.3, `eslint` 10.4.1 +- caveman skill (plugin, tag `v1.9.0`) +- Dev tools: `pnpm` 11.6.0, `typescript` 6.0.3, `ts-node` 10.9.2, `prettier` 3.8.4, `eslint` 10.5.0 -GitHub-release binaries (per-arch, sha256-pinned): `rtk` (v0.42.0), `git-delta` (0.19.2). +GitHub-release binaries (per-arch, sha256-pinned): `rtk` (v0.42.4), `git-delta` (0.19.2). CLI utilities: `jq`, `ripgrep`, `fd`, `tree`, `fzf`, `mc`, `gnupg`. See [CLAUDE.md](./CLAUDE.md) for the full architecture and per-component details. diff --git a/install.sh b/install.sh new file mode 100755 index 0000000..b82114a --- /dev/null +++ b/install.sh @@ -0,0 +1,169 @@ +#!/usr/bin/env bash +# +# claude-standalone installer. +# +# curl -fsSL https://raw.githubusercontent.com/highload-zone/claude-code-standalone/main/install.sh | bash +# +# Installs a `claude-box` launcher into ~/.local/bin, pulls the prebuilt GHCR +# image, and stores your Claude Code OAuth token once in +# ~/.config/claude-standalone/claude.env (chmod 600). After that, run `claude-box` +# from any project directory to start the hardened agent over the current folder. +# +# Re-run any time to update (the launcher is regenerated; an existing token is +# kept). Remove with: bash install.sh --uninstall +# +# Non-interactive: set CLAUDE_CODE_OAUTH_TOKEN in the environment before running +# and the token prompt is skipped. Override the image with CLAUDE_IMAGE. +# +# Supply-chain note: this is `curl | bash` from a branch. If you prefer to read +# before running: +# curl -fsSL https://raw.githubusercontent.com/highload-zone/claude-code-standalone/main/install.sh -o install.sh +# less install.sh && bash install.sh + +set -euo pipefail + +REPO="highload-zone/claude-code-standalone" +IMAGE="${CLAUDE_IMAGE:-ghcr.io/${REPO}:latest}" +CONFIG_DIR="${XDG_CONFIG_HOME:-$HOME/.config}/claude-standalone" +ENV_FILE="$CONFIG_DIR/claude.env" +BIN_DIR="$HOME/.local/bin" +LAUNCHER="$BIN_DIR/claude-box" + +say() { printf '%s\n' "$*" >&2; } +die() { printf 'error: %s\n' "$*" >&2; exit 1; } + +# ---------------------------------------------------------------------------- +# Uninstall +# ---------------------------------------------------------------------------- +if [ "${1:-}" = "--uninstall" ]; then + rm -f "$LAUNCHER" && say "Removed $LAUNCHER" + say "Config left in place: $CONFIG_DIR" + say "Remove it too with: rm -rf \"$CONFIG_DIR\"" + exit 0 +fi + +# ---------------------------------------------------------------------------- +# Prerequisites +# ---------------------------------------------------------------------------- +command -v docker >/dev/null 2>&1 || die "docker not found in PATH — install Docker first." + +# ---------------------------------------------------------------------------- +# Pull the image +# ---------------------------------------------------------------------------- +say "Pulling $IMAGE ..." +docker pull "$IMAGE" >&2 \ + || die "docker pull failed. If the package is private, run 'docker login ghcr.io' first." + +# ---------------------------------------------------------------------------- +# Token config (docker --env-file format: raw value, no quotes, no 'export') +# ---------------------------------------------------------------------------- +mkdir -p "$CONFIG_DIR" && chmod 700 "$CONFIG_DIR" + +token="${CLAUDE_CODE_OAUTH_TOKEN:-}" +existing="" +if [ -f "$ENV_FILE" ]; then + existing="$(sed -n 's/^CLAUDE_CODE_OAUTH_TOKEN=//p' "$ENV_FILE" | head -n1 || true)" +fi + +if [ -z "$token" ] && [ -n "$existing" ]; then + say "Existing token found in $ENV_FILE — keeping it." + token="$existing" +elif [ -z "$token" ]; then + if [ -r /dev/tty ]; then + printf 'Claude Code OAuth token (run `claude setup-token` to get one): ' >&2 + read -rs token < /dev/tty + printf '\n' >&2 + else + die "No CLAUDE_CODE_OAUTH_TOKEN set and no /dev/tty for interactive input. + Set CLAUDE_CODE_OAUTH_TOKEN in the environment and re-run." + fi +fi +[ -n "$token" ] || die "empty token — aborting." + +umask 077 +printf 'CLAUDE_CODE_OAUTH_TOKEN=%s\n' "$token" > "$ENV_FILE" +chmod 600 "$ENV_FILE" +say "Token saved to $ENV_FILE (chmod 600)." +say "Optional MCP keys: add 'CONTEXT7_API_KEY=...' / 'PERPLEXITY_API_KEY=...' lines to that file." + +# ---------------------------------------------------------------------------- +# Install the launcher (regenerated every run = upgrade path) +# ---------------------------------------------------------------------------- +mkdir -p "$BIN_DIR" +cat > "$LAUNCHER" <<'LAUNCHER_EOF' +#!/usr/bin/env bash +# +# claude-box — run the hardened claude-code-standalone container over the current +# directory (mounted read-write). Installed by claude-standalone's install.sh; +# re-run the installer to update. Extra args are passed through to `claude`. +# +# Env overrides: +# CLAUDE_IMAGE image to run (default: the GHCR :latest) +# CLAUDE_ENV_FILE env-file with CLAUDE_CODE_OAUTH_TOKEN (+ optional MCP keys) +# DEPLOY_KEY path to a scoped, read-only git deploy key to enable push +set -euo pipefail + +IMAGE="${CLAUDE_IMAGE:-ghcr.io/highload-zone/claude-code-standalone:latest}" +ENV_FILE="${CLAUDE_ENV_FILE:-${XDG_CONFIG_HOME:-$HOME/.config}/claude-standalone/claude.env}" + +# Footgun guards (not a defense against a hostile operator — see SECURITY.md). +for a in "$@"; do + case "$a" in + --privileged|--pid=host|--network=host|--cap-add*|*docker.sock*) + echo "claude-box: refusing '$a' — it weakens container isolation." >&2; exit 1;; + esac +done +[ "$(id -u)" -eq 0 ] && { echo "claude-box: refusing to run as host root." >&2; exit 1; } + +args=( + run -it --rm + --cap-drop=ALL + --security-opt=no-new-privileges:true + --pids-limit=100 + --network=bridge + --user "$(id -u):$(id -g)" + --tmpfs "/home/agent:exec,mode=1777,size=512m" + -e HOME=/home/agent + --tmpfs "/tmp:noexec,nosuid,size=100m" + -v "$PWD:/workspace:rw" + -w /workspace +) + +if [ -f "$ENV_FILE" ]; then + args+=( --env-file "$ENV_FILE" ) +else + echo "claude-box: no env-file at $ENV_FILE — set CLAUDE_CODE_OAUTH_TOKEN or re-run install.sh." >&2 +fi + +# git commit identity from the host (so commits are attributed to you). +gn="$(git config --get user.name 2>/dev/null || true)" +ge="$(git config --get user.email 2>/dev/null || true)" +[ -n "$gn" ] && args+=( -e "GIT_AUTHOR_NAME=$gn" -e "GIT_COMMITTER_NAME=$gn" ) +[ -n "$ge" ] && args+=( -e "GIT_AUTHOR_EMAIL=$ge" -e "GIT_COMMITTER_EMAIL=$ge" ) + +# Scoped deploy key for `git push` (read-only, IdentitiesOnly — no ssh pivot). +if [ -n "${DEPLOY_KEY:-}" ] && [ -f "${DEPLOY_KEY}" ]; then + args+=( + -v "${DEPLOY_KEY}:/home/agent/deploy_key:ro" + -e "GIT_SSH_COMMAND=ssh -i /home/agent/deploy_key -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new" + ) +fi + +exec docker "${args[@]}" "$IMAGE" "$@" +LAUNCHER_EOF +chmod +x "$LAUNCHER" +say "Launcher installed: $LAUNCHER" + +# ---------------------------------------------------------------------------- +# PATH hint +# ---------------------------------------------------------------------------- +case ":$PATH:" in + *":$BIN_DIR:"*) + say "" + say "Done. Run 'claude-box' from any project directory." ;; + *) + say "" + say "$BIN_DIR is not in your PATH. Add it:" + say " echo 'export PATH=\"\$HOME/.local/bin:\$PATH\"' >> ~/.bashrc # or ~/.zshrc" + say "Then restart your shell and run 'claude-box'." ;; +esac diff --git a/tools/package-lock.json b/tools/package-lock.json index 81065f9..c80542c 100644 --- a/tools/package-lock.json +++ b/tools/package-lock.json @@ -8,28 +8,28 @@ "name": "claude-container-toolchain", "version": "1.0.0", "dependencies": { - "@agentclientprotocol/claude-agent-acp": "0.39.0", - "@anthropic-ai/claude-code": "2.1.159", - "@colbymchenry/codegraph": "0.9.8", - "@fission-ai/openspec": "1.3.1", + "@agentclientprotocol/claude-agent-acp": "0.44.0", + "@anthropic-ai/claude-code": "2.1.177", + "@colbymchenry/codegraph": "1.0.0", + "@fission-ai/openspec": "1.4.1", "@modelcontextprotocol/server-sequential-thinking": "2025.12.18", "caveman-shrink": "0.1.0", - "eslint": "10.4.1", + "eslint": "10.5.0", "perplexity-mcp": "0.2.3", - "pnpm": "11.5.0", - "prettier": "3.8.3", + "pnpm": "11.6.0", + "prettier": "3.8.4", "ts-node": "10.9.2", "typescript": "6.0.3" } }, "node_modules/@agentclientprotocol/claude-agent-acp": { - "version": "0.39.0", - "resolved": "https://registry.npmjs.org/@agentclientprotocol/claude-agent-acp/-/claude-agent-acp-0.39.0.tgz", - "integrity": "sha512-+tCm5v32L0R3zE4qjZQowfO1L/zqvQ5FapmsMSIf4gawXfTf26CG5hgz99wARdo0zn20/1eP80gzx7PbZlSX9A==", + "version": "0.44.0", + "resolved": "https://registry.npmjs.org/@agentclientprotocol/claude-agent-acp/-/claude-agent-acp-0.44.0.tgz", + "integrity": "sha512-FWET6TS3XpVgm4xhPtxzPJACNBK+O1rWnZ+6ZDA1vvtxy9KmAu6yGCDSGSsPeArEcouc8u69iuNW4vLaUELNcw==", "license": "Apache-2.0", "dependencies": { - "@agentclientprotocol/sdk": "0.22.1", - "@anthropic-ai/claude-agent-sdk": "0.3.156", + "@agentclientprotocol/sdk": "0.25.0", + "@anthropic-ai/claude-agent-sdk": "0.3.170", "zod": "^3.25.0 || ^4.0.0" }, "bin": { @@ -37,31 +37,31 @@ } }, "node_modules/@agentclientprotocol/sdk": { - "version": "0.22.1", - "resolved": "https://registry.npmjs.org/@agentclientprotocol/sdk/-/sdk-0.22.1.tgz", - "integrity": "sha512-DfqXtl/8gO9NImq094MTaCXEU2vkhh6v7q/kT+9UjZxUqj8hYaya2OjLVIqn16MzNHcXEpShTR2RIauLSYeDQQ==", + "version": "0.25.0", + "resolved": "https://registry.npmjs.org/@agentclientprotocol/sdk/-/sdk-0.25.0.tgz", + "integrity": "sha512-wU1VgXNtMvdVotX49txc3WJUDV+/QbLpsgjMvFhlRmp37osdLbI7L7y+iwAlQATwfjLxcv1r1p3ZxZBcXlGhcQ==", "license": "Apache-2.0", "peerDependencies": { "zod": "^3.25.0 || ^4.0.0" } }, "node_modules/@anthropic-ai/claude-agent-sdk": { - "version": "0.3.156", - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-agent-sdk/-/claude-agent-sdk-0.3.156.tgz", - "integrity": "sha512-6nM/Dj+VMds52UXJ2YaV4IKhYamlUqN0HtdDrFzYz5lvPMpDS935qD8YZDAUpy+ltdoD6PJMd1V/CKFY3/oWCQ==", + "version": "0.3.170", + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-agent-sdk/-/claude-agent-sdk-0.3.170.tgz", + "integrity": "sha512-pAvhfk+iTodXZ6RF18Kz7BEUWFjL7EcR3tKuhUNdPpE1NAYCR3mSHGbafi72JsrNwKEDIs7FU31z3fqhwy8QzA==", "license": "SEE LICENSE IN README.md", "engines": { "node": ">=18.0.0" }, "optionalDependencies": { - "@anthropic-ai/claude-agent-sdk-darwin-arm64": "0.3.156", - "@anthropic-ai/claude-agent-sdk-darwin-x64": "0.3.156", - "@anthropic-ai/claude-agent-sdk-linux-arm64": "0.3.156", - "@anthropic-ai/claude-agent-sdk-linux-arm64-musl": "0.3.156", - "@anthropic-ai/claude-agent-sdk-linux-x64": "0.3.156", - "@anthropic-ai/claude-agent-sdk-linux-x64-musl": "0.3.156", - "@anthropic-ai/claude-agent-sdk-win32-arm64": "0.3.156", - "@anthropic-ai/claude-agent-sdk-win32-x64": "0.3.156" + "@anthropic-ai/claude-agent-sdk-darwin-arm64": "0.3.170", + "@anthropic-ai/claude-agent-sdk-darwin-x64": "0.3.170", + "@anthropic-ai/claude-agent-sdk-linux-arm64": "0.3.170", + "@anthropic-ai/claude-agent-sdk-linux-arm64-musl": "0.3.170", + "@anthropic-ai/claude-agent-sdk-linux-x64": "0.3.170", + "@anthropic-ai/claude-agent-sdk-linux-x64-musl": "0.3.170", + "@anthropic-ai/claude-agent-sdk-win32-arm64": "0.3.170", + "@anthropic-ai/claude-agent-sdk-win32-x64": "0.3.170" }, "peerDependencies": { "@anthropic-ai/sdk": ">=0.93.0", @@ -70,9 +70,9 @@ } }, "node_modules/@anthropic-ai/claude-agent-sdk-darwin-arm64": { - "version": "0.3.156", - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-agent-sdk-darwin-arm64/-/claude-agent-sdk-darwin-arm64-0.3.156.tgz", - "integrity": "sha512-IkjcS9dqAUlD4Nb62L9AZtmAXCa+FV4ul8lIlyXXUprh3nlecbKsWOXVd/GORrzAhMmynJaX4+iV1JiutFKXUA==", + "version": "0.3.170", + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-agent-sdk-darwin-arm64/-/claude-agent-sdk-darwin-arm64-0.3.170.tgz", + "integrity": "sha512-rwfgArIa5WI0QPNqFsRBgvtSI0mrtpynUm0oK6+l6/KX4hcgnYGEzciZR1bOeD9/7sSZlTdIgt+T9alKeZmXcg==", "cpu": [ "arm64" ], @@ -83,9 +83,9 @@ ] }, "node_modules/@anthropic-ai/claude-agent-sdk-darwin-x64": { - "version": "0.3.156", - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-agent-sdk-darwin-x64/-/claude-agent-sdk-darwin-x64-0.3.156.tgz", - "integrity": "sha512-6PKi5fPmGRuzXu+Em/iwLmPG3mqg0hl92wcTU8fmChqyNtxhxsjCw7LTbdFqp/05o5NeZVVV4k3p7YUv5IFD6g==", + "version": "0.3.170", + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-agent-sdk-darwin-x64/-/claude-agent-sdk-darwin-x64-0.3.170.tgz", + "integrity": "sha512-0e58h8UQMtsQxLGIv9r4foxfBFWKZ7NeDtoplLhuD7EwQonehomw1sBXCch77t/IfUS+q5vQ5zv+fOGmap5nLQ==", "cpu": [ "x64" ], @@ -96,9 +96,9 @@ ] }, "node_modules/@anthropic-ai/claude-agent-sdk-linux-arm64": { - "version": "0.3.156", - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-agent-sdk-linux-arm64/-/claude-agent-sdk-linux-arm64-0.3.156.tgz", - "integrity": "sha512-H0Nfd41iw5isto9uQI1FlVSZ0eaDttr8rBpJMR25oK/mj3egMO5EmZ6aAxeeUYSLn2mSU50HA5VNxlGUE118TQ==", + "version": "0.3.170", + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-agent-sdk-linux-arm64/-/claude-agent-sdk-linux-arm64-0.3.170.tgz", + "integrity": "sha512-gLbaFqcGppFJQd4DLNV4IXoeahejT/p2/M8bSSvRDbla9GOsBr1AxV5XLRyBn1e7xFGozZIAIQr3+1chp7NJgQ==", "cpu": [ "arm64" ], @@ -109,9 +109,9 @@ ] }, "node_modules/@anthropic-ai/claude-agent-sdk-linux-arm64-musl": { - "version": "0.3.156", - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-agent-sdk-linux-arm64-musl/-/claude-agent-sdk-linux-arm64-musl-0.3.156.tgz", - "integrity": "sha512-R7KEVjxkR4rYgIQoHGBzwPdUJYxRTO8I4vHjRbMLH1eW4FS7BJvVs7ogfKR/NnHFBvMVqtC+l6jHLQv8bobUiw==", + "version": "0.3.170", + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-agent-sdk-linux-arm64-musl/-/claude-agent-sdk-linux-arm64-musl-0.3.170.tgz", + "integrity": "sha512-SRYfQcsXlOq+CD/FqkQBTSHbaD++w73GnnO+NUV9adLYrca3kfetRwWT1iguY1cNS0l34dCR3rlzCPq78vg1Jg==", "cpu": [ "arm64" ], @@ -122,9 +122,9 @@ ] }, "node_modules/@anthropic-ai/claude-agent-sdk-linux-x64": { - "version": "0.3.156", - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-agent-sdk-linux-x64/-/claude-agent-sdk-linux-x64-0.3.156.tgz", - "integrity": "sha512-ymhrdlbWoYvTACUdaGdhrEv+ZMfwXLsf0BRLkr/IvY5aqybP7URzWmmZGOtDQpqkT/8xu/UCGqUYH3woJwUxfg==", + "version": "0.3.170", + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-agent-sdk-linux-x64/-/claude-agent-sdk-linux-x64-0.3.170.tgz", + "integrity": "sha512-Xl/m7TaSC3T5IDBdHrZQ9fCQYyDmPELN34CL+MoyPIf7uSmuZnjE9fUOqDh2Rv26JxWssi1M6X+BBvVuKd6Cpg==", "cpu": [ "x64" ], @@ -135,9 +135,9 @@ ] }, "node_modules/@anthropic-ai/claude-agent-sdk-linux-x64-musl": { - "version": "0.3.156", - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-agent-sdk-linux-x64-musl/-/claude-agent-sdk-linux-x64-musl-0.3.156.tgz", - "integrity": "sha512-/Q6WUizI6a+hqZZ6ElwRU0PEuFhOoN4v6CuU35HHbiZ/7uaocGht4A8ZIgK1Fw6wOGtZzGLbc00CA1OU1Zg8EA==", + "version": "0.3.170", + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-agent-sdk-linux-x64-musl/-/claude-agent-sdk-linux-x64-musl-0.3.170.tgz", + "integrity": "sha512-m4+I0qBEk7cxRKS+pL+eoWXbXTFOAo83fQ0tQvap4z/mDMm06IWJtEPoYTaMBwsp32GJWLkHWKbZSBCHZnp2DQ==", "cpu": [ "x64" ], @@ -148,9 +148,9 @@ ] }, "node_modules/@anthropic-ai/claude-agent-sdk-win32-arm64": { - "version": "0.3.156", - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-agent-sdk-win32-arm64/-/claude-agent-sdk-win32-arm64-0.3.156.tgz", - "integrity": "sha512-5sAeNObQQrMy4NF9HwxewrMnU7mVxZDHh+/MfJVQSz0GSTvXQ6gOuRH8helMlfspoU6VOdekPxVLRooX/3foEw==", + "version": "0.3.170", + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-agent-sdk-win32-arm64/-/claude-agent-sdk-win32-arm64-0.3.170.tgz", + "integrity": "sha512-IG+8isJNNJKbnnhO7m+PGhfVCg+XoQ/MDxGde5eigFI0WsEfitjuWSWwx82bT9ghxI1aa6qNvI+UPgPcZuo5Fg==", "cpu": [ "arm64" ], @@ -161,9 +161,9 @@ ] }, "node_modules/@anthropic-ai/claude-agent-sdk-win32-x64": { - "version": "0.3.156", - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-agent-sdk-win32-x64/-/claude-agent-sdk-win32-x64-0.3.156.tgz", - "integrity": "sha512-/PofeTWoiKgnWNSNk0wG4SsRn22GGLmnLhg2R94WcNhCRFOyOTmiZcYH2DBlWZBIRVTZDsSfa/Pl1DyPvYCGKw==", + "version": "0.3.170", + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-agent-sdk-win32-x64/-/claude-agent-sdk-win32-x64-0.3.170.tgz", + "integrity": "sha512-7cuqSKbHVItPGVwRbd3A0BEJwcNtc7Fhoh6qHN4C6yrmjSrvdYYx3MLvq/VI768/RoG7mAMDxb+j7WfEfoP9BA==", "cpu": [ "x64" ], @@ -174,9 +174,9 @@ ] }, "node_modules/@anthropic-ai/claude-code": { - "version": "2.1.159", - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-2.1.159.tgz", - "integrity": "sha512-l1Qsa3CamItHIpTgXWEEEPxpfCm3xB9QBfwxcvkk53QNr3HLS6NAkmutVrWusAA38mSwitrcwH3zOdY4qP/VMA==", + "version": "2.1.177", + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code/-/claude-code-2.1.177.tgz", + "integrity": "sha512-pbBlT4O36j60k7Zd1aPQlVU1HFFpvFaTTnrsWLAVKdIHK/EcLjVjE/qY8kz9/e62XerK/UhJrZ8GsLaBNQ+6Mw==", "hasInstallScript": true, "license": "SEE LICENSE IN README.md", "bin": { @@ -186,20 +186,20 @@ "node": ">=18.0.0" }, "optionalDependencies": { - "@anthropic-ai/claude-code-darwin-arm64": "2.1.159", - "@anthropic-ai/claude-code-darwin-x64": "2.1.159", - "@anthropic-ai/claude-code-linux-arm64": "2.1.159", - "@anthropic-ai/claude-code-linux-arm64-musl": "2.1.159", - "@anthropic-ai/claude-code-linux-x64": "2.1.159", - "@anthropic-ai/claude-code-linux-x64-musl": "2.1.159", - "@anthropic-ai/claude-code-win32-arm64": "2.1.159", - "@anthropic-ai/claude-code-win32-x64": "2.1.159" + "@anthropic-ai/claude-code-darwin-arm64": "2.1.177", + "@anthropic-ai/claude-code-darwin-x64": "2.1.177", + "@anthropic-ai/claude-code-linux-arm64": "2.1.177", + "@anthropic-ai/claude-code-linux-arm64-musl": "2.1.177", + "@anthropic-ai/claude-code-linux-x64": "2.1.177", + "@anthropic-ai/claude-code-linux-x64-musl": "2.1.177", + "@anthropic-ai/claude-code-win32-arm64": "2.1.177", + "@anthropic-ai/claude-code-win32-x64": "2.1.177" } }, "node_modules/@anthropic-ai/claude-code-darwin-arm64": { - "version": "2.1.159", - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code-darwin-arm64/-/claude-code-darwin-arm64-2.1.159.tgz", - "integrity": "sha512-F0NwKmIdKwEBDC//Iq++4v87LCCF3egMpTK7x6isq6AnbDMJ/61usML/Cfs86VCq0dHnxgEzYuWWs2nJkDRxag==", + "version": "2.1.177", + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code-darwin-arm64/-/claude-code-darwin-arm64-2.1.177.tgz", + "integrity": "sha512-Fr8x9bK7tPqwdh3ThrxH8k/SNEtBbPp2nuBaeZvqboWx/WJxssYzX4aYMOSKqfPQ9CpV7AfNehF3EhVNgd3KTw==", "cpu": [ "arm64" ], @@ -210,9 +210,9 @@ ] }, "node_modules/@anthropic-ai/claude-code-darwin-x64": { - "version": "2.1.159", - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code-darwin-x64/-/claude-code-darwin-x64-2.1.159.tgz", - "integrity": "sha512-IffiVfY/ZJFI6t0zQ5w/vn9YqExqzp3YKOVyJdNIDx0iYEbkgXzAA4goAVsBih7Y+TnTL7DlVVYGsTzSDsIOfQ==", + "version": "2.1.177", + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code-darwin-x64/-/claude-code-darwin-x64-2.1.177.tgz", + "integrity": "sha512-5XqqrdSdMmOD88Jqla6+Y3GKoun7M1pvfTYAYTUFadvv8guqo895INf6MnUFeADOE+U6v015r4gX443xc02uGw==", "cpu": [ "x64" ], @@ -223,9 +223,9 @@ ] }, "node_modules/@anthropic-ai/claude-code-linux-arm64": { - "version": "2.1.159", - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code-linux-arm64/-/claude-code-linux-arm64-2.1.159.tgz", - "integrity": "sha512-c8dXbuQdrotGWll46GlnXm5IPpORK2VrBSosCmI6f8t7Snc/3F58fX0MbIjJ/ycXpY0aaKuOnufCuxf7wi1Xqw==", + "version": "2.1.177", + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code-linux-arm64/-/claude-code-linux-arm64-2.1.177.tgz", + "integrity": "sha512-qb0K+/xwaZFz9spBUcDX3vNgEFTSNdbDze8AOpU4R9weVrwBY9zAO/OPqxC9qNhb5ZIRnJAZLKiICEeEUHowzA==", "cpu": [ "arm64" ], @@ -236,9 +236,9 @@ ] }, "node_modules/@anthropic-ai/claude-code-linux-arm64-musl": { - "version": "2.1.159", - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code-linux-arm64-musl/-/claude-code-linux-arm64-musl-2.1.159.tgz", - "integrity": "sha512-EoAoS2fB063ri5mxNeN77gRgxL55UxSXLWUQfLjjHUCeB0njoOtfhj9huurqc5GNhpFoJ0ZTq1NQLNLHXOAijg==", + "version": "2.1.177", + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code-linux-arm64-musl/-/claude-code-linux-arm64-musl-2.1.177.tgz", + "integrity": "sha512-cOxWAd0ROXV2RjPjaHrErzDL98Lwfix4Ury567Hm0lh00nw4okXb5WGk+Ak09hkwc2cAOmKlYRL7SAvssG9cDA==", "cpu": [ "arm64" ], @@ -249,9 +249,9 @@ ] }, "node_modules/@anthropic-ai/claude-code-linux-x64": { - "version": "2.1.159", - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code-linux-x64/-/claude-code-linux-x64-2.1.159.tgz", - "integrity": "sha512-EvB0y/2l1qHYV8lLpltiMKhWaTEui51A1Uh1wNqmvZowMnQx0abIahfm5Dc/AE295fCISF0ySi2vZCvnHiPnsQ==", + "version": "2.1.177", + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code-linux-x64/-/claude-code-linux-x64-2.1.177.tgz", + "integrity": "sha512-syChhLEXI82sld9V3QN8+IkgQy6dtScWmlMVvV2wSlG5/Zjl8UyB+ARoCcsnFCZ6dK9OzjT9TInQovrkt2ZsYw==", "cpu": [ "x64" ], @@ -262,9 +262,9 @@ ] }, "node_modules/@anthropic-ai/claude-code-linux-x64-musl": { - "version": "2.1.159", - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code-linux-x64-musl/-/claude-code-linux-x64-musl-2.1.159.tgz", - "integrity": "sha512-F2vfxIVpLzVtnYrkbPhZi2v7EUxYLqxtkQ4Rhi9PtUQffoPR0i7hfzTxr7cT0uyY/HVwUbtsl4z36J+hpFulrA==", + "version": "2.1.177", + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code-linux-x64-musl/-/claude-code-linux-x64-musl-2.1.177.tgz", + "integrity": "sha512-sxP4VyF0mEeMtlnOBicg7fRAv8eljorpQzKEalNu5Q2kLOoOV62GO6A1dgrpVwyfMMweJjea0bBYqIMlR27mmQ==", "cpu": [ "x64" ], @@ -275,9 +275,9 @@ ] }, "node_modules/@anthropic-ai/claude-code-win32-arm64": { - "version": "2.1.159", - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code-win32-arm64/-/claude-code-win32-arm64-2.1.159.tgz", - "integrity": "sha512-wWGdFTbu2tH4MIbxFrFCzUbzZy2TUY3MxBDB2iigQ+X1DXBNs8nUmWC7Uj071V7c1IWBi1PDQucSBLd/ioMqbQ==", + "version": "2.1.177", + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code-win32-arm64/-/claude-code-win32-arm64-2.1.177.tgz", + "integrity": "sha512-5vZlPcOsDARW9gK1RNZhRUevhCop1K5wFt/SvnXX+QVWC4fMfq/Kpug1SGaRewrvZjOMfstN9jvF+TqvHuHHfQ==", "cpu": [ "arm64" ], @@ -288,9 +288,9 @@ ] }, "node_modules/@anthropic-ai/claude-code-win32-x64": { - "version": "2.1.159", - "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code-win32-x64/-/claude-code-win32-x64-2.1.159.tgz", - "integrity": "sha512-c2M9wStwfBqN3keRI8An5+SD7PElJ103O/8VXrWEevf7V7LHYZBgkdOtsv2PaUjBwVyxYp32Fea3XL38/RS7OA==", + "version": "2.1.177", + "resolved": "https://registry.npmjs.org/@anthropic-ai/claude-code-win32-x64/-/claude-code-win32-x64-2.1.177.tgz", + "integrity": "sha512-tIAQI5OO5pA2SRQaA55CdIKXQpKkoXHZ6ll/xkTpaz+183ZnVuTCTWz6MbT6Yzyf9kwwsr3Ma1dzgZVFl/LNpw==", "cpu": [ "x64" ], @@ -301,9 +301,9 @@ ] }, "node_modules/@anthropic-ai/sdk": { - "version": "0.100.1", - "resolved": "https://registry.npmjs.org/@anthropic-ai/sdk/-/sdk-0.100.1.tgz", - "integrity": "sha512-RANcEe7LpiLczkKGOwoXOTuFdPhuubS0i4xaAKOMpcqc55YO0mukgxppV7eygx3DXNjxWT6RYOLPyOy0aIAmwg==", + "version": "0.104.1", + "resolved": "https://registry.npmjs.org/@anthropic-ai/sdk/-/sdk-0.104.1.tgz", + "integrity": "sha512-gGACa/+IaiXzRRmF96aOhamoBgapKRBiFWbmmTFP8aMkpaEcuStF+Q61bjo4vPxBM7gqWJNZqsngslRdnLHv0Q==", "license": "MIT", "peer": true, "dependencies": { @@ -333,26 +333,26 @@ } }, "node_modules/@colbymchenry/codegraph": { - "version": "0.9.8", - "resolved": "https://registry.npmjs.org/@colbymchenry/codegraph/-/codegraph-0.9.8.tgz", - "integrity": "sha512-fH3w7+h8Wn8F7B5zF+y0Upw6j24sAByeshz+Xwhz5DuIFJkHilXw6EGpWlJt6i7cEqK/eSSZv5/PQvEriyseeg==", + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@colbymchenry/codegraph/-/codegraph-1.0.0.tgz", + "integrity": "sha512-x+74x0VHcPrCujv6GjdEs+s9RzNwYoru3+gx5rn2u7cSKIpqntHzFRY/L/KWYp+M2MsBijGe/ejY1glNinB93A==", "license": "MIT", "bin": { "codegraph": "npm-shim.js" }, "optionalDependencies": { - "@colbymchenry/codegraph-darwin-arm64": "0.9.8", - "@colbymchenry/codegraph-darwin-x64": "0.9.8", - "@colbymchenry/codegraph-linux-arm64": "0.9.8", - "@colbymchenry/codegraph-linux-x64": "0.9.8", - "@colbymchenry/codegraph-win32-arm64": "0.9.8", - "@colbymchenry/codegraph-win32-x64": "0.9.8" + "@colbymchenry/codegraph-darwin-arm64": "1.0.0", + "@colbymchenry/codegraph-darwin-x64": "1.0.0", + "@colbymchenry/codegraph-linux-arm64": "1.0.0", + "@colbymchenry/codegraph-linux-x64": "1.0.0", + "@colbymchenry/codegraph-win32-arm64": "1.0.0", + "@colbymchenry/codegraph-win32-x64": "1.0.0" } }, "node_modules/@colbymchenry/codegraph-darwin-arm64": { - "version": "0.9.8", - "resolved": "https://registry.npmjs.org/@colbymchenry/codegraph-darwin-arm64/-/codegraph-darwin-arm64-0.9.8.tgz", - "integrity": "sha512-5VkzEu37ry6Ol//pK2ZcAYAGtrrCc0PceB/go5TwvP4xqTnYsMDXx2TJviU1ga5ZzLuy6vNnnLikLorNce9uYA==", + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@colbymchenry/codegraph-darwin-arm64/-/codegraph-darwin-arm64-1.0.0.tgz", + "integrity": "sha512-aHtwJ+fMQVANNy81ryDRy10iBls8Wh8EnZqq+niQ3/16ABHhoJ05CtSUU+q3b2vEI1fjjV/1oy/gdkvmRSzqLA==", "cpu": [ "arm64" ], @@ -363,9 +363,9 @@ ] }, "node_modules/@colbymchenry/codegraph-darwin-x64": { - "version": "0.9.8", - "resolved": "https://registry.npmjs.org/@colbymchenry/codegraph-darwin-x64/-/codegraph-darwin-x64-0.9.8.tgz", - "integrity": "sha512-KhSgxm2xVnhY0HROuN+6VeNCMq+gMIVQpA5e1CpTEt19qWHcFqJcnEwWiL/jWt6tvDQ8TtxO4qUyfIwlod+jHQ==", + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@colbymchenry/codegraph-darwin-x64/-/codegraph-darwin-x64-1.0.0.tgz", + "integrity": "sha512-9cdIYORYe1wCpf+vZO4SCLLr+zccdHdVYooS38lUPeXcl9g/gyBhhcEBrlQzEmeu83ODp7Xw3kpgfxj/71Jh2A==", "cpu": [ "x64" ], @@ -376,9 +376,9 @@ ] }, "node_modules/@colbymchenry/codegraph-linux-arm64": { - "version": "0.9.8", - "resolved": "https://registry.npmjs.org/@colbymchenry/codegraph-linux-arm64/-/codegraph-linux-arm64-0.9.8.tgz", - "integrity": "sha512-Y5YV6ZHouM99uN44IWeZ/okUf29wS4kk+m0aGKmec7fKOLwDPKd5QsS5Es5hMjB++h69P8jxc2AGLLXTfOL28Q==", + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@colbymchenry/codegraph-linux-arm64/-/codegraph-linux-arm64-1.0.0.tgz", + "integrity": "sha512-55DK/txKGlF6FlPbxVkE21pyUMGV/E0xgyV69iu33TyXbcPb3z9dEFen8w9H4eI23Am1eaca3eoGF2xZSXaJNg==", "cpu": [ "arm64" ], @@ -389,9 +389,9 @@ ] }, "node_modules/@colbymchenry/codegraph-linux-x64": { - "version": "0.9.8", - "resolved": "https://registry.npmjs.org/@colbymchenry/codegraph-linux-x64/-/codegraph-linux-x64-0.9.8.tgz", - "integrity": "sha512-vgM1Qa1xLJm52Ju9/JVID3F2ZY3U1xRy+1phy9Bop0Lu4Dx/fHFtZeTnzwdNsBBrmviWz5EsTkdB0g1lbsMmHA==", + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@colbymchenry/codegraph-linux-x64/-/codegraph-linux-x64-1.0.0.tgz", + "integrity": "sha512-F3U0H7NUjzTz3kvKTIIJvL9PwBL+An1PXdhuTza3rgSAd0TwCaFVqhFvA4NH232IEl9z46MyeVD9S/ir1ffewA==", "cpu": [ "x64" ], @@ -402,9 +402,9 @@ ] }, "node_modules/@colbymchenry/codegraph-win32-arm64": { - "version": "0.9.8", - "resolved": "https://registry.npmjs.org/@colbymchenry/codegraph-win32-arm64/-/codegraph-win32-arm64-0.9.8.tgz", - "integrity": "sha512-Qn10DVW3zooyd6ixKIR6aygZX1TdKWZPzS2HZvICWw5VVyeKCg2mbAJtLgOzW95jvhMvG05vdqAZeRshmDpcHQ==", + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@colbymchenry/codegraph-win32-arm64/-/codegraph-win32-arm64-1.0.0.tgz", + "integrity": "sha512-r5BXkvo7vQ0WiJg2cTnnApPycTMEQNCOly/mZvhl0J2woMIjHPbQTpj8Gw6rPavfC3ceMx9SiT0HlFGq/Is2Bg==", "cpu": [ "arm64" ], @@ -415,9 +415,9 @@ ] }, "node_modules/@colbymchenry/codegraph-win32-x64": { - "version": "0.9.8", - "resolved": "https://registry.npmjs.org/@colbymchenry/codegraph-win32-x64/-/codegraph-win32-x64-0.9.8.tgz", - "integrity": "sha512-TWWrVIEZMdO07okfiwHoUprCno9JKQAO8tYwxKBjPTKM8dwGJPL6d/E2E3fCL4FPgk6FMrSnKYfHriyMsoVaaw==", + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@colbymchenry/codegraph-win32-x64/-/codegraph-win32-x64-1.0.0.tgz", + "integrity": "sha512-+EZebzU08ID/ahY3CV8KvZL+TRc6SDuHki3LXnANq279imbAaADoF5MTGgIEHIj8LWkX4wWmcirf907YKQFLvw==", "cpu": [ "x64" ], @@ -539,9 +539,9 @@ } }, "node_modules/@fission-ai/openspec": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/@fission-ai/openspec/-/openspec-1.3.1.tgz", - "integrity": "sha512-QnbJfq/lUNCRY+TTXo87fuIpGCCaOYt280tmbuI112B/1vF0feIneK0/qhoTZNslRDhwwg1YcYDX0suxq2h6tw==", + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/@fission-ai/openspec/-/openspec-1.4.1.tgz", + "integrity": "sha512-C/NQsybgjqtSr29QAv4NbO1bZTgozu8GAUSiONthenZ5W4TQ2bvyj8LVmr76qb90iGeTLEFkcdnI+iYYaFLKyA==", "hasInstallScript": true, "license": "MIT", "dependencies": { @@ -549,6 +549,7 @@ "@inquirer/prompts": "^7.8.0", "chalk": "^5.5.0", "commander": "^14.0.0", + "cross-spawn": "7.0.6", "fast-glob": "^3.3.3", "ora": "^8.2.0", "posthog-node": "^5.20.0", @@ -1815,10 +1816,13 @@ } }, "node_modules/eslint": { - "version": "10.4.1", - "resolved": "https://registry.npmjs.org/eslint/-/eslint-10.4.1.tgz", - "integrity": "sha512-AyIKhnOBuOAdueD7RB3xB+YeAWScb9jHsJBgH2Hcde8InP5JYhqrRR6iTMHyTEwgENK54Cp44e4v8BwNhsuHuw==", + "version": "10.5.0", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-10.5.0.tgz", + "integrity": "sha512-1y+7C+vi12bUK1IpZeaV3gsH9fHLBmPvYmPx42pvT/E9yG0IC8g3PUZZgp0+JLJl7ZDK0flc2gc+Aw9dpCvIsQ==", "license": "MIT", + "workspaces": [ + "packages/*" + ], "dependencies": { "@eslint-community/eslint-utils": "^4.8.0", "@eslint-community/regexpp": "^4.12.2", @@ -3094,9 +3098,9 @@ } }, "node_modules/pnpm": { - "version": "11.5.0", - "resolved": "https://registry.npmjs.org/pnpm/-/pnpm-11.5.0.tgz", - "integrity": "sha512-2/zE+Bz0hZev1Lw5H/3xLBHxqfuDo5W/prCi2cwv2P/rr9scy9UpYyFT95OQTCYVt/Cf4aNFRz/Rw1hFFyqOsQ==", + "version": "11.6.0", + "resolved": "https://registry.npmjs.org/pnpm/-/pnpm-11.6.0.tgz", + "integrity": "sha512-mjZRgiQIDG/lFlr9z+eb+hGMKb5wPz9GKx4y7+HpjkfodQsUjggoYlCq1BE8x5k8pBPE4s1Ed1JwjC7ldRvJXw==", "license": "MIT", "bin": { "pn": "bin/pnpm.mjs", @@ -3141,9 +3145,9 @@ } }, "node_modules/prettier": { - "version": "3.8.3", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.3.tgz", - "integrity": "sha512-7igPTM53cGHMW8xWuVTydi2KO233VFiTNyF5hLJqpilHfmn8C8gPf+PS7dUT64YcXFbiMGZxS9pCSxL/Dxm/Jw==", + "version": "3.8.4", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.4.tgz", + "integrity": "sha512-N2MylSdi48+5N/6S5j+maeHbUSIzzZ5uOcX5Hm4QpV8Dkb1HFjfAKTKX6yNPJQD9AhcT3ifHNB66tWTTJDi11Q==", "license": "MIT", "bin": { "prettier": "bin/prettier.cjs" diff --git a/tools/package.json b/tools/package.json index 18b391a..829e43c 100644 --- a/tools/package.json +++ b/tools/package.json @@ -4,17 +4,17 @@ "private": true, "description": "Pinned, lockfile-controlled global CLI toolchain for the claude-standalone container. Installed via `npm ci` for bit-for-bit reproducible npm tarballs (integrity-verified). Do not add `^`/`~` ranges here — exact versions only; regenerate package-lock.json inside node:22 after any change.", "dependencies": { - "@anthropic-ai/claude-code": "2.1.159", - "@agentclientprotocol/claude-agent-acp": "0.39.0", - "@fission-ai/openspec": "1.3.1", - "@colbymchenry/codegraph": "0.9.8", + "@anthropic-ai/claude-code": "2.1.177", + "@agentclientprotocol/claude-agent-acp": "0.44.0", + "@fission-ai/openspec": "1.4.1", + "@colbymchenry/codegraph": "1.0.0", "caveman-shrink": "0.1.0", "@modelcontextprotocol/server-sequential-thinking": "2025.12.18", "perplexity-mcp": "0.2.3", - "pnpm": "11.5.0", + "pnpm": "11.6.0", "typescript": "6.0.3", "ts-node": "10.9.2", - "prettier": "3.8.3", - "eslint": "10.4.1" + "prettier": "3.8.4", + "eslint": "10.5.0" } }