feat(config): support ENV=${VAR} shorthand pass-through; update examples

lroolle · lroolle · commit 434745e7b4ea · 2025-08-27T01:30:08.000-07:00
docs: add Compose-style ENV examples; warn on docker.sock; host-net Linux-only

docker: install git-lfs system-wide; avoid sudo during build; move atl as root

cli: display no_grpc_proxy in env summaries
Signed-off-by: Eric Wang &lt;wrqatw@gmail.com&gt;
diff --git a/.claude-yolo.example b/.claude-yolo.example
@@ -16,9 +16,12 @@ VOLUME=~/.gitconfig:/home/claude/.gitconfig:ro
 ENV=CLAUDE_BASH_MAINTAIN_PROJECT_WORKING_DIR=true
 ENV=DISABLE_TELEMETRY=1
 
-# Mount Extra Voulmes for Claude Code References
+# Mount Extra Volumes for Claude Code References
 # VOLUME=/path/to/some-docs:$(pwd)/references/some-docs:ro
 # VOLUME=/path/to/some-script.sh:/home/claude/.local/bin/some-script.sh:ro
 
 # Environment variables from host
+# Pass through a host env var by name
+# ENV=GH_TOKEN
+# Or Compose-style shorthand pass-through of same name
 # ENV=${GH_TOKEN}
diff --git a/.claude-yolo.full b/.claude-yolo.full
@@ -66,11 +66,19 @@ ENV=DEBUG=*
 ENV=LOG_LEVEL=debug
 
 # Pass through host environment variables
+# Options:
+#   - ENV=NAME                  (pass-through by name)
+#   - ENV=${NAME}               (Compose-style shorthand, same name)
+#   - ENV=TARGET=${SOURCE:-}    (rename with default)
+ENV=GITHUB_TOKEN
 ENV=${GITHUB_TOKEN}
-ENV=${NPM_TOKEN}
+ENV=DOCKER_HOST
 ENV=${DOCKER_HOST}
+ENV=DATABASE_URL
 ENV=${DATABASE_URL}
+ENV=API_KEY
 ENV=${API_KEY}
+ENV=SECRET_KEY
 ENV=${SECRET_KEY}
 
 # Environment variables with defaults
@@ -129,6 +137,7 @@ VOLUME=~/tmp:/home/claude/tmp
 
 # Docker-in-Docker (requires careful consideration)
 VOLUME=/var/run/docker.sock:/var/run/docker.sock
+# WARNING: Grants container control over host Docker. Use only when required.
 
 # Build and cache directories
 VOLUME=~/.cache:/home/claude/.cache
@@ -157,6 +166,6 @@ VOLUME=~/output:/home/claude/output
 #   - No command substitution except $(pwd)
 #   - No backticks allowed
 #   - No path traversal (..) in CONFIG_DIR
-#   - Variable names must be [A-Z][A-Z0-9_]*
+#   - Variable names must be [A-Za-z_][A-Za-z0-9_]* (matches parser)
 #
-# =====================================
+# =====================================
diff --git a/Dockerfile b/Dockerfile
@@ -40,6 +40,9 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     update-alternatives --install /usr/bin/python python /usr/bin/python3.12 1 && \
     locale-gen en_US.UTF-8
 
+# Initialize Git LFS so it's usable for all users
+RUN git lfs install --system
+
 # Install language runtimes in parallel-friendly layers
 FROM base AS runtimes
 
@@ -141,8 +144,8 @@ RUN npm config set prefix "$CLAUDE_HOME/.npm-global" && \
     npm cache clean --force
 
 # Install Go tools for Atlassian integration (Confluence/Jira/Bitbucket)
-RUN go install github.com/lroolle/atlas-cli/cmd/atl@main && \
-    sudo mv $HOME/go/bin/atl /usr/local/bin/
+# Build as claude user; move binary as root later (avoid sudo in build)
+RUN go install github.com/lroolle/atlas-cli/cmd/atl@main
 
 RUN git clone --depth=1 https://github.com/ohmyzsh/ohmyzsh "$CLAUDE_HOME/.oh-my-zsh" && \
     git clone --depth=1 https://github.com/zsh-users/zsh-autosuggestions "$CLAUDE_HOME/.oh-my-zsh/custom/plugins/zsh-autosuggestions" && \
@@ -157,6 +160,9 @@ RUN echo 'export ZSH="$HOME/.oh-my-zsh"' > "$CLAUDE_HOME/.zshrc" && \
 
 USER root
 
+# Move atl into PATH as root (after building as claude)
+RUN test -f /home/claude/go/bin/atl && mv /home/claude/go/bin/atl /usr/local/bin/atl || true
+
 COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
 
 RUN chmod +x /usr/local/bin/docker-entrypoint.sh && \
diff --git a/README.md b/README.md
@@ -59,6 +59,7 @@ claude.sh --auth-with api-key       # Use API key(may have to rerun `/login`)
 claude.sh --auth-with bedrock       # Use AWS Bedrock
 claude.sh --auth-with vertex        # Use Google Vertex AI
 claude.sh --shell                   # Open shell in container
+claude.sh --host-net                # Host networking (Linux only)
 claude.sh --help                    # Show all options
 ```
 
@@ -150,6 +151,10 @@ VOLUME=~/.gitconfig:/home/claude/.gitconfig:ro
 ENV=NODE_ENV=development
 ENV=DEBUG=myapp:*
 
+# Pass through host env (either form works)
+ENV=GH_TOKEN
+ENV=${GH_TOKEN}
+
 # Claude settings
 ANTHROPIC_MODEL=sonnet-4
 USE_TRACE=true
diff --git a/claude.sh b/claude.sh
@@ -397,7 +397,16 @@ process_env_config() {
             eval "$errors_var+=(\"Invalid env name: \$name\")"
         fi
     else
-        if validate_env_name "$value" && [ -n "${!value}" ]; then
+        # Shorthand pass-through: ENV=${VAR} or ENV=$VAR
+        if [[ "$value" =~ ^\$\{([A-Za-z_][A-Za-z0-9_]*)\}$ ]] || [[ "$value" =~ ^\$([A-Za-z_][A-Za-z0-9_]*)$ ]]; then
+            local short_var_name
+            short_var_name="${BASH_REMATCH[1]}"
+            if [ -n "${!short_var_name}" ]; then
+                EXTRA_ENV_VARS+=("-e" "$short_var_name=${!short_var_name}")
+                DOCKER_ONLY_WARNINGS+=("Config environment variable: $short_var_name=${!short_var_name} (ignored in local mode)")
+            fi
+        elif validate_env_name "$value" && [ -n "${!value}" ]; then
+            # Pass-through by name: ENV=VAR
             EXTRA_ENV_VARS+=("-e" "$value=${!value}")
             DOCKER_ONLY_WARNINGS+=("Config environment variable: $value=${!value} (ignored in local mode)")
         fi
@@ -785,6 +794,16 @@ run_claude_local() {
     elif [ -n "$GRPC_PROXY" ]; then
         ENV_VARS+="   $(format_env_display 'GRPC_PROXY' "$GRPC_PROXY")\n"
     fi
+    if [ -n "$no_grpc_proxy" ]; then
+        ENV_VARS+="   $(format_env_display 'no_grpc_proxy' "$no_grpc_proxy")\n"
+    elif [ -n "$NO_GRPC_PROXY" ]; then
+        ENV_VARS+="   $(format_env_display 'NO_GRPC_PROXY' "$NO_GRPC_PROXY")\n"
+    fi
+    if [ -n "$no_grpc_proxy" ]; then
+        ENV_VARS+="   $(format_env_display 'no_grpc_proxy' "$no_grpc_proxy")\n"
+    elif [ -n "$NO_GRPC_PROXY" ]; then
+        ENV_VARS+="   $(format_env_display 'NO_GRPC_PROXY' "$NO_GRPC_PROXY")\n"
+    fi
     if [ -n "$HTTP_PROXY" ]; then
         ENV_VARS+="   $(format_env_display 'HTTP_PROXY' "$HTTP_PROXY")\n"
     elif [ -n "$http_proxy" ]; then
@@ -1303,6 +1322,11 @@ if [ -n "$grpc_proxy" ]; then
 elif [ -n "$GRPC_PROXY" ]; then
     ENV_VARS+="   $(format_env_display 'GRPC_PROXY' "$GRPC_PROXY")\n"
 fi
+if [ -n "$no_grpc_proxy" ]; then
+    ENV_VARS+="   $(format_env_display 'no_grpc_proxy' "$no_grpc_proxy")\n"
+elif [ -n "$NO_GRPC_PROXY" ]; then
+    ENV_VARS+="   $(format_env_display 'NO_GRPC_PROXY' "$NO_GRPC_PROXY")\n"
+fi
 if [ -n "$HTTP_PROXY" ]; then
     ENV_VARS+="   $(format_env_display 'HTTP_PROXY' "$HTTP_PROXY")\n"
 elif [ -n "$http_proxy" ]; then
