refactor: auth system and environment handling

- auth: unified --auth-with pattern, proper model handling
- env: add -e flag support and custom config dir
- docker: move to /home/claude, fix permissions
- security: controlled mounts, proper RO handling
- cleanup: standardize env vars CLAUDE_YOLO_* → CCYOLO_*

Author: lroolle

.gitignore

@@ -142,3 +142,6 @@ dist
 .svelte-kit
 
 # End of https://www.toptal.com/developers/gitignore/api/node
+
+# Claude YOLO Pro - Private build directory
+claude-yolo-pro/

DEV-LOGS.md

@@ -1,8 +1,130 @@
 # Development Logs
-- Prepend new entries with `## Issue Analysis: YYYY-MM-DD`.
+- Prepend new entries with `## Dev Log: YYYY-MM-DD`.
+- Reference issue numbers in the format `#<issue-number>` for easy linking.
 - We write or explain to the damn point. Be clear, be super concise - no fluff, no hand-holding, no repeating.
 - Minimal markdown markers, no unnecessary formatting, minimal unicode emojis.
 
+## Dev Log: 2025-07-09
+
+### [enhancement-completed] Auth system overhaul and environment handling
+
+**Problem**: Messy auth flags, poor environment handling, inconsistent Docker mounts.
+
+**Solution**: 
+- Unified auth with `--auth-with` pattern (claude|api-key|bedrock|vertex)
+- Proper environment var handling with `-e` flag
+- Controlled auth directory mounting with explicit permissions
+- Smart model name handling for each auth mode
+
+**Technical**:
+- Freed -v for Docker volume mounts (was conflicting with --vertex)
+- Added model name translation for API key mode
+- Implemented proper ARN generation for Bedrock
+- Added environment detection for tools and auth status
+
+**Result**: Clean auth system, proper env handling, secure mounts.
+
+---
+
+## Dev Log: 2025-07-08
+
+### [enhancement-completed] Custom config directory and environment variable support
+
+**Problem**: Users needed separate auth sessions for different projects and better environment variable handling.
+
+**Root Cause**: Fixed path mounting made multi-project auth management difficult, no env var support in Docker mode.
+
+**Solution**: Added `--config` flag for custom Claude config home and `-e` flag for environment variables.
+
+**Implementation**:
+- `--config ~/work-claude` creates and mounts custom config directory
+- `-e NODE_ENV=dev` or `-e DEBUG` passes environment variables
+- Fixed npm-global path handling for claude user
+- Standardized mount paths to `/home/claude` instead of `/root`
+- Environment variable naming: `CLAUDE_YOLO_*` → `CCYOLO_*`
+- Auth isolation: unset conflicting auth variables per mode
+
+**Benefits**:
+- ✅ **Project isolation**: Separate auth sessions per project
+- ✅ **Environment control**: Full env var support in Docker mode
+- ✅ **Path consistency**: All mounts to `/home/claude`
+- ✅ **Auth reliability**: No cross-contamination between auth modes
+
+**Related**: Issues #46, #45 (configuration management)
+
+**Status**: ✅ **COMPLETED**
+
+---
+
+## Issue Analysis: 2025-07-04
+
+### [enhancement-analysis] Docker Compose configuration support
+
+**Problem**: Command line arguments become unmanageable for complex setups with multiple volumes and environment variables.
+
+**Current Pain Point**:
+```bash
+claude-yolo -v ~/.ssh:/root/.ssh:ro -v ~/Desktop/claude:/home/claude/.claude/ -v ~/.config/git:/home/claude/.config/git -v ../yolo-tools/scripts/barkme.sh:/home/claude/.local/bin/barkme.sh --continue
+```
+
+**Root Cause Analysis**:
+1. **CLI limitations**: Long command lines are hard to edit, share, version control
+2. **Multi-container needs**: Users want playwright services, MCP servers, other tools
+3. **Team collaboration**: Complex setups need to be shared across team members
+4. **Missing configuration hierarchy**: No project vs user vs local settings distinction
+
+**Proposed Solution**: Docker Compose integration following Claude Code's settings pattern
+
+**Configuration Hierarchy** (mirrors Claude Code's approach):
+```
+.claude/
+├── claude-yolo.local.yml    # Project-local (gitignored)
+├── claude-yolo.yml          # Project-shared (version controlled)
+└── ~/.claude/claude-yolo.yml # User global
+```
+
+**Multi-container Support**:
+```yaml
+# .claude/claude-yolo.yml
+version: '3.8'
+services:
+  claude:
+    image: ghcr.io/lroolle/claude-code-yolo:latest
+    volumes:
+      - ~/.ssh:/root/.ssh:ro
+      - ${PWD}:${PWD}
+    depends_on:
+      - playwright
+      - mcp-server
+
+  playwright:
+    image: mcr.microsoft.com/playwright:v1.40.0-focal
+    ports: ["3000:3000"]
+
+  mcp-server:
+    image: custom/mcp-server:latest
+    ports: ["8080:8080"]
+```
+
+**Implementation Requirements**:
+1. **Auto-detection**: Check for compose files in precedence order
+2. **Backward compatibility**: Keep CLI args for simple cases
+3. **Multi-container orchestration**: Full Docker Compose integration
+4. **Settings coexistence**: Respect existing `.claude/settings.json` handling
+
+**Benefits**:
+- ✅ **Manageable configs**: No more insane command lines
+- ✅ **Team collaboration**: Share service definitions via git
+- ✅ **Multi-container**: Enable complex development environments
+- ✅ **Familiar patterns**: Follow Claude Code's settings hierarchy
+- ✅ **Version control**: Compose files are easily tracked
+
+**Related Issues**:
+- Issue #24: Environment variable support (partially addresses)
+- Issue #33: DevContainer support question (compose provides better solution)
+
+**Status**: Analysis complete, ready for implementation
+
 ## Issue Analysis: 2025-06-23
 
 ### [bug-fixed] Root user (UID 0) handling in docker-entrypoint.sh

Dockerfile

@@ -15,7 +15,7 @@ ENV DEBIAN_FRONTEND=noninteractive \
     LANGUAGE=en_US:en \
     LC_ALL=en_US.UTF-8 \
     TZ=UTC \
-    PATH=/root/.local/bin:/usr/local/go/bin:/usr/local/share/npm-global/bin:$PATH
+    PATH=/root/.local/bin:/usr/local/go/bin:$PATH
 
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     --mount=type=cache,target=/var/lib/apt,sharing=locked \
@@ -29,7 +29,8 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
         python3-dev libffi-dev \
         jq ripgrep lsof tree make gcc g++ \
         openssh-client rsync \
-        shellcheck bat fd-find \
+        shellcheck bat fd-find silversearcher-ag \
+        vim \
         git procps psmisc zsh && \
     add-apt-repository ppa:deadsnakes/ppa && \
     apt-get update && \
@@ -49,9 +50,6 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     apt-get install -y --no-install-recommends nodejs && \
     apt-get -y clean && rm -rf /var/lib/apt/lists/*
 
-RUN mkdir -p /usr/local/share/npm-global
-ENV NPM_CONFIG_PREFIX=/usr/local/share/npm-global
-
 RUN --mount=type=cache,target=/root/.npm,sharing=locked \
     npm install -g npm@latest pnpm && \
     npm cache clean --force
@@ -114,15 +112,8 @@ ENV NPM_CONFIG_FETCH_RETRIES=5 \
     NPM_CONFIG_FETCH_RETRY_FACTOR=2 \
     NPM_CONFIG_FETCH_RETRY_MINTIMEOUT=10000
 
-# Claude Code installation - separate layer for easier version management
-FROM tools AS claude-tools
-ARG CLAUDE_CODE_VERSION=1.0.41
-RUN --mount=type=cache,target=/root/.npm,sharing=locked \
-    npm install -g @anthropic-ai/claude-code@${CLAUDE_CODE_VERSION} @mariozechner/claude-trace && \
-    npm cache clean --force
-
 # Final stage with shell setup
-FROM claude-tools AS final
+FROM tools AS final
 
 # Create non-root user for Claude execution
 # Using 1001 as default to avoid conflicts with ubuntu user (usually 1000)
@@ -137,13 +128,29 @@ RUN groupadd -g "$CLAUDE_GID" "$CLAUDE_USER" && \
     echo "$CLAUDE_USER ALL=(ALL) NOPASSWD: ALL" > "/etc/sudoers.d/$CLAUDE_USER" && \
     chmod 440 "/etc/sudoers.d/$CLAUDE_USER"
 
-# Give claude user ownership of npm-global directory
-RUN chown -R "$CLAUDE_UID:$CLAUDE_GID" /usr/local/share/npm-global
+# Configure npm-global directory for claude user
+RUN mkdir -p "$CLAUDE_HOME/.npm-global" && \
+    chown -R "$CLAUDE_UID:$CLAUDE_GID" "$CLAUDE_HOME/.npm-global"
+
+# Set npm configuration for claude user and install Claude CLI
+USER $CLAUDE_USER
+ARG CLAUDE_CODE_VERSION=1.0.41
+RUN npm config set prefix "$CLAUDE_HOME/.npm-global" && \
+    npm install -g @anthropic-ai/claude-code@${CLAUDE_CODE_VERSION} @mariozechner/claude-trace && \
+    npm cache clean --force
+
+RUN git clone --depth=1 https://github.com/ohmyzsh/ohmyzsh "$CLAUDE_HOME/.oh-my-zsh" && \
+    git clone --depth=1 https://github.com/zsh-users/zsh-autosuggestions "$CLAUDE_HOME/.oh-my-zsh/custom/plugins/zsh-autosuggestions" && \
+    git clone --depth=1 https://github.com/zsh-users/zsh-syntax-highlighting.git "$CLAUDE_HOME/.oh-my-zsh/custom/plugins/zsh-syntax-highlighting"
+
+# Create .zshrc for claude user
+RUN echo 'export ZSH="$HOME/.oh-my-zsh"' > "$CLAUDE_HOME/.zshrc" && \
+    echo 'ZSH_THEME="robbyrussell"' >> "$CLAUDE_HOME/.zshrc" && \
+    echo 'plugins=(git docker python golang node npm aws zsh-autosuggestions zsh-syntax-highlighting)' >> "$CLAUDE_HOME/.zshrc" && \
+    echo 'source $ZSH/oh-my-zsh.sh' >> "$CLAUDE_HOME/.zshrc" && \
+    echo 'export PATH=$HOME/.local/bin:$HOME/.npm-global/bin:/usr/local/go/bin:$PATH' >> "$CLAUDE_HOME/.zshrc"
 
-# Simple zsh setup
-RUN echo 'export PATH=/root/.local/bin:/usr/local/go/bin:/usr/local/share/npm-global/bin:$PATH' >> ~/.zshrc
-RUN echo 'export PATH=$HOME/.local/bin:/usr/local/go/bin:/usr/local/share/npm-global/bin:$PATH' >> "$CLAUDE_HOME/.zshrc" && \
-    chown "$CLAUDE_USER:$CLAUDE_USER" "$CLAUDE_HOME/.zshrc"
+USER root
 
 COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
 

README.md

@@ -70,6 +70,19 @@ claude.sh --help                    # Show all options
 - **AWS Bedrock**: Uses `~/.aws` credentials - `--auth-with bedrock`
 - **Google Vertex**: Uses `~/.config/gcloud` credentials - `--auth-with vertex`
 
+### Custom Configuration Directory
+
+Use a custom Claude config home instead of the default `~/.claude` and `~/.claude.json`:
+
+```bash
+# Use custom config directory home, should contains both ~/.claude.json and ~/.claude
+claude-yolo --config ~/work-claude
+```
+
+This is useful for:
+- Separate auth sessions for different projects
+- Isolating Claude configurations
+
 ## GitHub CLI Authentication
 
 For GitHub operations (creating PRs, managing repos), set the `GH_TOKEN` environment variable:
@@ -115,7 +128,7 @@ claude-yolo -v ~/.terraform.d:/root/.terraform.d
 - **Proxy Support**: Automatic `localhost` → `host.docker.internal` translation
 - **Model Selection**: Use any Claude model via `ANTHROPIC_MODEL` env var
 - **Request Tracing**: Debug with `--trace` flag using claude-trace
-- **Docker Socket**: Optional mounting with `CLAUDE_YOLO_DOCKER_SOCKET=true`
+- **Docker Socket**: Optional mounting with `CCYOLO_DOCKER_SOCKET=true`
 
 
 ### Request Tracing by @badlogic `claude-trace`
@@ -134,7 +147,7 @@ docker pull ghcr.io/lroolle/claude-code-yolo:latest
 docker pull lroolle/claude-code-yolo:latest
 
 # Use specific registry
-DOCKER_IMAGE=lroolle/claude-code-yolo claude-yolo
+CCYOLO_DOCKER_IMAGE=lroolle/claude-code-yolo claude-yolo
 ```
 
 ## Manual Setup

claude-yolo

@@ -81,6 +81,14 @@ parse_args() {
             claude_args+=("-v" "$2")
             shift 2
             ;;
+        -e)
+            if [ -z "$2" ]; then
+                echo "Error: -e requires an argument" >&2
+                exit 1
+            fi
+            claude_args+=("-e" "$2")
+            shift 2
+            ;;
         --inspect)
             inspect_container
             # inspect_container calls exec, but add shift for safety
@@ -90,6 +98,14 @@ parse_args() {
             list_containers
             exit 0
             ;;
+        --config | -c)
+            if [ -z "$2" ]; then
+                echo "Error: --config requires an argument" >&2
+                exit 1
+            fi
+            claude_args+=("--config" "$2")
+            shift 2
+            ;;
         --help | -h)
             echo "Claude YOLO - Container Shortcuts"
             echo ""
@@ -99,17 +115,30 @@ parse_args() {
             echo "  --inspect     Enter running container as claude user"
             echo "  --ps          List containers for this project"
             echo ""
+            echo "Configuration:"
+            echo "  --config DIR  Use custom Claude config home instead of ~/.claude, ~/.claude.json "
+            echo "  -c DIR        Creates directory and .claude.json if they don't exist"
+            echo ""
             echo "Volume Mounting:"
             echo "  -v            Mount volume (Docker syntax: source:target[:options])"
             echo "                Can be used multiple times"
             echo ""
+            echo "Environment Variables:"
+            echo "  -e VAR=value  Set environment variable explicitly"
+            echo "  -e VAR        Pass environment variable from shell"
+            echo "                Can be used multiple times"
+            echo ""
             echo "Examples:"
-            echo "  claude-yolo                                  # Run Claude in YOLO mode"
-            echo "  claude-yolo --inspect                        # Quick access to running container"
-            echo "  claude-yolo --ps                             # See project containers"
-            echo "  claude-yolo -v ~/.gitconfig:/root/.gitconfig        # Mount git config"
-            echo "  claude-yolo -v ~/.ssh:/root/.ssh:ro                 # Mount SSH keys read-only"
+            echo "  claude-yolo                                         # Run Claude in YOLO mode"
+            echo "  CCYOLO_DOCKER_IMAGE=custom-image claude-yolo        # Use custom image"
+            echo "  claude-yolo --inspect                               # Quick access to running container"
+            echo "  claude-yolo --ps                                    # See project containers"
+            echo "  claude-yolo -v ~/.gitconfig:/home/claude/.gitconfig # Mount git config"
+            echo "  claude-yolo -v ~/.ssh:/home/claude/.ssh:ro          # Mount SSH keys read-only"
             echo "  claude-yolo -v ~/tools:/tools -v ~/data:/data       # Multiple mounts"
+            echo "  claude-yolo --config ~/work-claude                  # Custom config home"
+            echo "  claude-yolo -e NODE_ENV=dev -e DEBUG                # Set env vars"
+            echo "  export API_KEY=xyz; claude-yolo -e API_KEY          # Pass from shell"
             exit 0
             ;;
         *)
@@ -122,5 +151,4 @@ parse_args() {
     exec "$CLAUDE_SH" --yolo "${claude_args[@]}"
 }
 
-# All argument parsing handled by parse_args
 parse_args "$@"