All notable changes to deva.sh will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Claude
--chromeintegration: auto-mount host Chrome profile Extensions and bridge socket into container DEVA_CHROME_PROFILE_PATH,DEVA_CHROME_USER_DATA_DIR,DEVA_HOST_CHROME_BRIDGE_DIRconfig knobsbuild-coreandbuild-rust-imageMakefile targets for faster incremental buildsscripts/install-agent-tooling.shshared agent install script for base and rust images- Custom images guide (
docs/custom-images.md) - CI smoke tests for Chrome mount assembly and entrypoint bridge symlink
- Bridge dir resolution now matches Node.js
os.tmpdir()order (macOS/var/folders/before/tmp) image_ref()in installer and deva.sh now handles full image refs with embedded tags and digests- Removed dead entrypoint fallback env vars (
DEVA_CHROME_HOST_SOCKET_PATH,DEVA_CHROME_HOST_TMPDIR)
- Dockerfile split into
agent-base(stable) +final(volatile) stages for better layer caching Dockerfile.rustnow inheritsagent-baseand runs its own agent install, making it self-contained- Default tool versions pinned in Dockerfiles and Makefile
LICENSEwith the standard MIT license textSECURITY.mdwith private vulnerability reporting guidanceCONTRIBUTING.mdwith the repo workflow, local checks, and release rulesdocs/guide set for quick start, internals, philosophy, authentication, advanced usage, and troubleshootingmkdocs.yml,docs/index.md, and GitHub Pages workflow for publishing the docs site atdocs.deva.sh- scheduled
nightly-images.ymlworkflow that publishes fresh nightly container tags without minting semver releases
- Claude
--auth-with api-keynow forwardsANTHROPIC_AUTH_TOKENandANTHROPIC_BASE_URL - Non-default auth no longer moves live host credential files out of the way; it overlays the default credential path with a safe placeholder instead
--dry-runno longer mutates config homes through autolink or scaffold writes- Copilot
--dry-runno longer starts the local proxy as a side effect - Config-home fan-out skips loose credential files, backup files, VCS junk, and
.DS_Store - Auth-specific persistent containers now include the agent in the name suffix, avoiding cross-agent reuse with the wrong env or mounts
install.shnow installs the full current agent set, including Gemini andshared_auth.shinstall.shnow reuses a prebuilt local image instead of blindly pulling, so CI smoke no longer depends on registry auth- release and nightly container workflows now resolve tool versions through the same script, and release no longer invents a local commit inside Actions
- Rewrote
README.mdinto a deva.sh front page with a real docs index and sharper OSS positioning - CI now builds the MkDocs site so Pages breakage gets caught before merge
- Updated
workflows/RELEASE.mdto usedeva.shas the source of truth for version bumps
- CRITICAL: docker-entrypoint.sh UID/GID remapping broken since commit 5807889 (2025-12-29)
- Fixed selective
find -maxdepth 1 -user rootapproach that skipped.npm-global,.local, etc. - Implemented explicit whitelist approach for container-managed directories
- Prevents "env: 'claude': Permission denied" errors on container startup
- See docs/UID-GID-HANDLING-RESEARCH.md for industry patterns analysis
- Fixed selective
- GitHub workflows updated for deva rebrand
- release.yml: Fixed IMAGE_NAME from
ccyolotodeva - release.yml: Updated to modify
deva.shinstead ofclaude.sh - release.yml: Added rust profile build and push
- ci.yml: Updated tests to use
deva.shinstead ofclaude.sh - scripts/version-check.sh: Updated to check
deva.shversion
- release.yml: Fixed IMAGE_NAME from
- install.sh: Updated branding to "deva Multi-Agent Environment"
- Comprehensive UID/GID handling research document (docs/UID-GID-HANDLING-RESEARCH.md)
- Industry patterns from VS Code DevContainers, Jupyter, fixuid, and production best practices
- Comparison matrix of 6 different UID/GID handling approaches
- Validation that runtime UID fixing is legitimate for dev containers
- Developer log documenting the UID/GID fix investigation (docs/devlog/20260108-docker-uid-permission-fix.org)
- docker-entrypoint.sh: Improved execution order (setup_nonroot_user before ensure_agent_binaries)
.deva.example- Reference config file demonstrating all supported directives (VOLUME, ENV, PROFILE, etc.)
- GitHub release workflow now builds both base and rust profile images
- Release notes now document both image profiles (base and rust)
- tmux bridge: Connect container tmux client to host tmux server via TCP bridge
deva-bridge-tmux-host(host-side) anddeva-bridge-tmux(container-side)- Build tmux 3.6a from source with SHA256 verification
- Documented as privileged host bridge in AGENTS.md
- Gemini agent support: Add
agents/gemini.shfor Google Gemini CLI - Docker-in-Docker auto-mount:
/var/run/docker.sockauto-mounted with--no-dockeropt-out - Version management:
scripts/version-upgrade.shandscripts/release-utils.sh - Build resilience: Use
gh apiinstead ofcurlto avoid GitHub rate limits
- docker-entrypoint.sh: usermod error handling for mounted volumes (no longer fatal under set -e)
- Dockerfile: explicit chmod 755 for script permissions (fixes execute-only bug)
- Environment variables for tmux bridge use
DEVA_BRIDGE_*prefix
Claude Code YOLO → deva.sh Multi-Agent Wrapper
This release transforms claude-code-yolo from a Claude-specific wrapper into deva.sh - a unified multi-agent wrapper supporting Claude Code, OpenAI Codex, and future coding agents.
- Multi-Agent Architecture: Pluggable agent system with
agents/claude.shandagents/codex.shmodules - Unified Dispatcher:
deva.shas the main entry point with agent selection via first argument (deva.sh codex) - Project-Scoped Container Management:
deva.sh --pslists all deva containers for current projectdeva.sh --inspect/deva.sh shellwith fzf picker for multi-container attach- Container naming:
deva-<agent>-<project>-<pid>
- Enhanced Config System:
--config-home/-Hmounts entire auth directories (.claude,.codex) into/home/deva- New
.deva/.deva.localconfig files with legacy.claude-yolo*support CONFIG_HOMEenvironment propagation to agents
- Agent-Specific Safety: Auto-injection of safety flags (
--dangerously-skip-permissionsfor Claude,--dangerously-bypass-approvals-and-sandboxfor Codex) - Codex OAuth Protection: Strips conflicting
OPENAI_*env vars when.codex/auth.jsonis mounted
- BREAKING:
deva.shreplacesclaude.shas the primary interface - BREAKING: Docker image changed to
ghcr.io/thevibeworks/deva(wasghcr.io/thevibeworks/ccyolo) - BREAKING: Container user path changed from
/rootto/home/deva - Backward Compatibility:
claude-yolo→deva.sh claudeshim maintained - Deprecation Warnings:
claude.shandclaudeb.shnow warn before forwarding todeva.sh
# Old workflow
claude.sh --yolo -v ~/.ssh:/root/.ssh:ro
# New workflow
deva.sh claude -v ~/.ssh:/home/deva/.ssh:ro
# Or use the shim (warns but works)
claude-yolo -v ~/.ssh:/home/deva/.ssh:roThis release implements the complete vision from #98 - a Docker-first multi-agent wrapper that preserves YOLO ergonomics while enabling polyglot AI toolchains.
- GitHub Copilot authentication mode (
--auth-with copilot/--copilot) with automatic proxy launch in local and YOLO runs. - Model auto-discovery from the Copilot proxy, with clear logging when defaults are injected.
- Updated Claude Code base version to 1.0.95 with new features:
- /todos command to list current todo items
- /memory command now allows direct editing of imported memory files
- Individual slash command arguments ($1, $2, $3) like shell scripts
- argument-hint frontmatter for slash commands (e.g.,
[pr-number] [priority] [assignee]) - MCP output warnings when responses exceed token limits (10k warning, 25k max)
- Configurable MCP output limit via MAX_MCP_OUTPUT_TOKENS environment variable
- Vertex AI support for global endpoints
- SDK: Add custom tools as callbacks
- Project-specific config file support (
.claude-yoloin project root) - OAuth token authentication method (
--oat, experimental) - Full configuration reference file (
.claude-yolo.full) - Environment variable expansion support (
${VAR:-default}) - Sensitive environment variable masking (API keys, tokens, secrets)
--host-netoption for Docker networking- Configuration display in startup output
- Updated Claude Code base version to 1.0.93
- Unified model aliasing system across all authentication methods
- Improved environment and volume parsing
- Enhanced security with controlled mounts and permissions
- Simplified example config file
- Streamlined release workflow through claude-yolo
- Critical security issues with config file handling
- Environment variable display formatting
- Volume mount permissions and validation
- Mask sensitive values in environment variable output
- Enhanced config file validation and security checks
- Updated Claude Code base version to 1.0.54 with latest features:
- Hooks: UserPromptSubmit hook, PreCompact hook
- Custom slash commands: argument-hint frontmatter, restored namespacing
- Shell: In-memory snapshots for better file operation reliability
- Search (Grep) tool redesigned with enhanced parameters
- MCP: server instructions support, enhanced tool result display
- @-mention file truncation increased from 100 to 2000 lines
- New /export command for conversation sharing
- /doctor command for settings file validation
- Progress messages for Bash tool based on command output
- --append-system-prompt now works in interactive mode
- Vim mode navigation improvements (c, f/F, t/T commands)
- Fixed config file corruption with atomic writes
- Migrate repository from lroolle to thevibeworks org
- Expand ~ to $HOME in release command for Docker compatibility
- Make Claude cmd configurable in release workflow
- Update Claude version to 1.0.44 and improve release flow
- Unified
--auth-withpattern for authentication method selection - Environment variable pass-through with
-eflag support - Custom config directory support
- Controlled mount security with proper read-only handling
- Complete auth system refactor with proper model handling
- Docker architecture: moved to
/home/claudefor better permissions - Environment variable standardization:
CLAUDE_YOLO_*→CCYOLO_* - Streamlined docker-entrypoint.sh with improved error handling
- Docker permission issues with auth file handling
- Security improvements with controlled mounts
- Streamlined Docker image build process
- Updated npm global installation path
- Enhanced CI pipeline with release workflow and version check
- Improved container registry configuration
- Makefile registry inconsistency with ghcr.io default image
- Add note on
CLAUDE_CONFIG_DIRand fix gcloud config symlink in entrypoint
- Unified logging system for improved UX
- Clean output by default showing only authentication method
- Verbose mode displays model selection, proxy configuration, and debug info
- Argument parsing infinite loop in claude-yolo for --inspect and --ps options
- Duplicate argument handling causing inconsistent behavior with mixed options
- claude-trace --run-with syntax (removed unnecessary "claude" argument)
- Container shortcuts now properly exit after --ps command
- Consolidated all claude-yolo argument parsing through single parse_args() function
- Enhanced claude-trace argument injection for proper --dangerously-skip-permissions placement
- Improved logging organization
- Updated documentation with logging capabilities and examples
- Docker build caching in GitHub Actions (dual GHA + registry cache strategy)
- Dynamic fallback UID/GID selection for root users
- Handle UID 0 (root user) case in docker-entrypoint.sh
- Add explicit github_token to claude-code-review action
- Handle UID=0 and GID=0 independently for security
- Simplify root user handling with hardcoded 1000 fallback
- Remove redundant comments in UID/GID handling
- Run Claude review once per PR and on manual trigger
- Docker build caching improvements in GitHub Actions
- Update logs and changelog for issue #19 caching fix
- Clarify root cause and solution for UID 0 handling
- Add OIDC token fix to dev log
- Docker image update to ghcr.io with fallback to Docker Hub
- Note when falling back to Docker Hub image in installer
- Set shellcheck to error severity to prevent CI blocking
- Improve usage examples across all documentation
- Move shellcheck to CI workflow, remove from release
- --verbose flag to show environment info and pass to Docker
- Initial release of Claude Code YOLO Docker wrapper
- Dual-mode architecture: Local mode (default) and YOLO mode (Docker)
- Support for 4 authentication methods:
- Claude App OAuth (
--claude,-c) - Anthropic API Key (
--api-key,-a) - AWS Bedrock (
--bedrock,-b) - Google Vertex AI (
--vertex,-v)
- Claude App OAuth (
- Full development environment in Docker image:
- Ubuntu 24.04 base
- Python 3.12, Node.js 22, Go 1.22, Rust
- Development tools: git, docker, aws, jq, ripgrep, fzf
- Claude CLI and claude-trace pre-installed
- Automatic
--dangerously-skip-permissionsin YOLO mode - Non-root user support with UID/GID mapping
- Authentication file mounting and permission handling
- Proxy support with automatic localhost translation
- Model alias system for easy model selection
- Docker socket mounting option (disabled by default)
- Shell access to container (
--shell) - Request tracing support (
--trace) - Dangerous directory detection with user confirmation prompt
- Quick install script for one-line setup
- Standalone
claude-yoloscript for convenient access - Prefixed logging with
[claude.sh]for better identification - Updated documentation with claude-trace integration details
- Container isolation for safe execution
- Directory access limited to current working directory
- Non-root execution inside container
- Docker socket mounting disabled by default
- Warning system for dangerous directories (home, system directories)