docker-claude/claude/Dockerfile

FROM node:24-alpine

# Upgrade npm to pull in patched bundled deps (cross-spawn, glob, minimatch, tar)
# CVEs: CVE-2024-21538, CVE-2025-64756, CVE-2026-26996/27903/27904, CVE-2026-23745/23950/24842/26960/29786/31802
RUN npm install -g npm@11.12.1

# Install runtime dependencies
RUN apk add --no-cache \
  git \
  curl \
  ca-certificates \
  bash

# Install kubectl — architecture-aware, checksum-verified
RUN KUBECTL_VERSION=$(curl -fsSL https://dl.k8s.io/release/stable.txt) \
  && ARCH=$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/') \
  && curl -fsSL "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/kubectl" \
  -o /usr/local/bin/kubectl \
  && curl -fsSL "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/kubectl.sha256" \
  -o /tmp/kubectl.sha256 \
  && echo "$(cat /tmp/kubectl.sha256)  /usr/local/bin/kubectl" | sha256sum -c \
  && rm /tmp/kubectl.sha256 \
  && chmod +x /usr/local/bin/kubectl

# System-level Claude Code policy — owned by root, not writable by the node user.
# Restricts available models; cannot be bypassed via CLI flags or env vars.
COPY settings.json /etc/claude-code/managed-settings.json

# Install Claude Code stable release
RUN curl -fsSL https://claude.ai/install.sh | bash -s stable


# Install MCP servers globally — entry points land in /usr/local/lib/node_modules/
RUN npm install -g \
  @modelcontextprotocol/server-github \
  @yoda.digital/gitlab-mcp-server \
  @aashari/mcp-server-atlassian-jira \
  @aashari/mcp-server-atlassian-confluence

# Workspace and Claude config dir — owned by the built-in node user (uid 1000).
# Pre-creating ~/.claude ensures the named volume is initialised with the
# correct ownership when first mounted (Docker copies image content into
# an empty named volume on first use).
RUN mkdir -p /workspace /home/node/.claude \
  && chown -R node:node /workspace /home/node/.claude

USER node
WORKDIR /workspace

# Proxy traffic through sidecar — override at runtime if needed
ENV HTTP_PROXY=http://proxy:3128
ENV HTTPS_PROXY=http://proxy:3128
ENV ALL_PROXY=http://proxy:3128
ENV NO_PROXY=localhost,127.0.0.1

ENTRYPOINT ["claude"]
chore(docker): upgrade base image to node:24-alpine (LTS) Node 24 (Krypton) is the current LTS release. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-20 15:16:52 +02:00			`FROM node:24-alpine`
initial 2026-04-14 20:11:24 +02:00
fix(docker): upgrade npm to remediate 11 HIGH CVEs in bundled dependencies All findings are in npm's own bundled packages (cross-spawn, glob, minimatch, tar). Upgrading npm to latest pulls in the patched versions: - cross-spawn ≥7.0.5 (CVE-2024-21538) - glob ≥10.5.0 (CVE-2025-64756) - minimatch ≥9.0.6 (CVE-2026-26996, CVE-2026-27903, CVE-2026-27904) - tar ≥7.5.11 (CVE-2026-23745, CVE-2026-23950, CVE-2026-24842, CVE-2026-26960, CVE-2026-29786, CVE-2026-31802) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-20 15:14:58 +02:00			`# Upgrade npm to pull in patched bundled deps (cross-spawn, glob, minimatch, tar)`
			`# CVEs: CVE-2024-21538, CVE-2025-64756, CVE-2026-26996/27903/27904, CVE-2026-23745/23950/24842/26960/29786/31802`
chore(docker): pin npm to 11.12.1 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-20 15:15:51 +02:00			`RUN npm install -g npm@11.12.1`
fix(docker): upgrade npm to remediate 11 HIGH CVEs in bundled dependencies All findings are in npm's own bundled packages (cross-spawn, glob, minimatch, tar). Upgrading npm to latest pulls in the patched versions: - cross-spawn ≥7.0.5 (CVE-2024-21538) - glob ≥10.5.0 (CVE-2025-64756) - minimatch ≥9.0.6 (CVE-2026-26996, CVE-2026-27903, CVE-2026-27904) - tar ≥7.5.11 (CVE-2026-23745, CVE-2026-23950, CVE-2026-24842, CVE-2026-26960, CVE-2026-29786, CVE-2026-31802) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-20 15:14:58 +02:00
refactor(docker): migrate both images to Alpine Replace node:20-slim/ubuntu:22.04 with node:20-alpine/alpine:3.21. Switch package management from apt to apk (--no-cache, no cleanup layer). Use Alpine addgroup/adduser in claude/Dockerfile. Update proxy to use squid user (Alpine convention) and /var/cache/squid cache path. Fix proxy/Dockerfile COPY path now that context is proxy/. Move webui-entrypoint.sh into claude/ to match its build context. Fix docker-compose.yml webui context to claude/, update proxy tmpfs path. 2026-04-14 22:40:57 +02:00			`# Install runtime dependencies`
			`RUN apk add --no-cache \`
use new native install 2026-04-15 19:18:39 +02:00			`git \`
			`curl \`
			`ca-certificates \`
feat: remove webui 2026-04-15 21:59:08 +02:00			`bash`
initial 2026-04-14 20:11:24 +02:00
feat(claude): install kubectl into container image 2026-04-15 08:47:32 +02:00			`# Install kubectl — architecture-aware, checksum-verified`
			`RUN KUBECTL_VERSION=$(curl -fsSL https://dl.k8s.io/release/stable.txt) \`
use new native install 2026-04-15 19:18:39 +02:00			`&& ARCH=$(uname -m \| sed 's/x86_64/amd64/;s/aarch64/arm64/') \`
			`&& curl -fsSL "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/kubectl" \`
			`-o /usr/local/bin/kubectl \`
			`&& curl -fsSL "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/kubectl.sha256" \`
			`-o /tmp/kubectl.sha256 \`
			`&& echo "$(cat /tmp/kubectl.sha256) /usr/local/bin/kubectl" \| sha256sum -c \`
			`&& rm /tmp/kubectl.sha256 \`
			`&& chmod +x /usr/local/bin/kubectl`
feat(claude): install kubectl into container image 2026-04-15 08:47:32 +02:00
feat(policy): restrict available models to sonnet, opus, haiku Add /etc/claude-code/managed-settings.json with availableModels set to the three Anthropic model families. The file is root-owned inside the container so the node user cannot modify it. Managed settings cannot be bypassed via --model flag, /model command, or ANTHROPIC_MODEL env var. 2026-04-14 22:55:02 +02:00			`# System-level Claude Code policy — owned by root, not writable by the node user.`
			`# Restricts available models; cannot be bypassed via CLI flags or env vars.`
refactor(policy): rename managed-settings.json to settings.json 2026-04-14 22:59:25 +02:00			`COPY settings.json /etc/claude-code/managed-settings.json`
feat(policy): restrict available models to sonnet, opus, haiku Add /etc/claude-code/managed-settings.json with availableModels set to the three Anthropic model families. The file is root-owned inside the container so the node user cannot modify it. Managed settings cannot be bypassed via --model flag, /model command, or ANTHROPIC_MODEL env var. 2026-04-14 22:55:02 +02:00
docs: updated inline docs 2026-04-15 22:43:00 +02:00			`# Install Claude Code stable release`
fix: ash doesn't seem to work with the claude script 2026-04-16 09:48:42 +02:00			`RUN curl -fsSL https://claude.ai/install.sh \| bash -s stable`
use new native install 2026-04-15 19:18:39 +02:00
initial 2026-04-14 20:11:24 +02:00
feat(mcp): add GitHub, GitLab, Jira, and Confluence MCP servers Install four MCP servers globally in the claude image: @modelcontextprotocol/server-github → mcp-server-github @yoda.digital/gitlab-mcp-server → gitlab-mcp-server @aashari/mcp-server-atlassian-jira → mcp-atlassian-jira @aashari/mcp-server-atlassian-confluence → mcp-atlassian-confluence Wire them in managed-settings.json via mcpServers with env var pass-through. Jira and Confluence share ATLASSIAN_* credentials. Add api.github.com, .gitlab.com, .atlassian.net to the squid allowlist. All credentials are optional — servers are skipped if the relevant env vars are unset. 2026-04-14 23:09:42 +02:00			`# Install MCP servers globally — entry points land in /usr/local/lib/node_modules/`
			`RUN npm install -g \`
use new native install 2026-04-15 19:18:39 +02:00			`@modelcontextprotocol/server-github \`
			`@yoda.digital/gitlab-mcp-server \`
			`@aashari/mcp-server-atlassian-jira \`
			`@aashari/mcp-server-atlassian-confluence`
feat(mcp): add GitHub, GitLab, Jira, and Confluence MCP servers Install four MCP servers globally in the claude image: @modelcontextprotocol/server-github → mcp-server-github @yoda.digital/gitlab-mcp-server → gitlab-mcp-server @aashari/mcp-server-atlassian-jira → mcp-atlassian-jira @aashari/mcp-server-atlassian-confluence → mcp-atlassian-confluence Wire them in managed-settings.json via mcpServers with env var pass-through. Jira and Confluence share ATLASSIAN_* credentials. Add api.github.com, .gitlab.com, .atlassian.net to the squid allowlist. All credentials are optional — servers are skipped if the relevant env vars are unset. 2026-04-14 23:09:42 +02:00
refactor(claude): use built-in node user instead of custom claude user Drop the addgroup/adduser layer entirely. node:20-alpine already ships a node user at uid/gid 1000. Update chown and USER directives, and update the claude-config volume mount path to /home/node/.claude. 2026-04-14 22:50:59 +02:00			`# Workspace and Claude config dir — owned by the built-in node user (uid 1000).`
feat(auth): support subscription login alongside API key Make ANTHROPIC_API_KEY optional. Add CLAUDE_CODE_OAUTH_TOKEN pass-through for headless token-based auth (claude setup-token). When neither is set, Claude Code falls back to browser OAuth on port 54545. Add claude-config named volume mounted at ~/.claude/ in both claude and webui services so credentials persist across container runs. Pre-create ~/.claude/ in the Dockerfile so the volume is initialised with correct ownership. Add --service-ports to docker compose run calls to publish port 54545 during CLI sessions. 2026-04-14 22:47:04 +02:00			`# Pre-creating ~/.claude ensures the named volume is initialised with the`
			`# correct ownership when first mounted (Docker copies image content into`
			`# an empty named volume on first use).`
refactor(claude): use built-in node user instead of custom claude user Drop the addgroup/adduser layer entirely. node:20-alpine already ships a node user at uid/gid 1000. Update chown and USER directives, and update the claude-config volume mount path to /home/node/.claude. 2026-04-14 22:50:59 +02:00			`RUN mkdir -p /workspace /home/node/.claude \`
use new native install 2026-04-15 19:18:39 +02:00			`&& chown -R node:node /workspace /home/node/.claude`
initial 2026-04-14 20:11:24 +02:00
refactor(claude): use built-in node user instead of custom claude user Drop the addgroup/adduser layer entirely. node:20-alpine already ships a node user at uid/gid 1000. Update chown and USER directives, and update the claude-config volume mount path to /home/node/.claude. 2026-04-14 22:50:59 +02:00			`USER node`
initial 2026-04-14 20:11:24 +02:00			`WORKDIR /workspace`

			`# Proxy traffic through sidecar — override at runtime if needed`
			`ENV HTTP_PROXY=http://proxy:3128`
			`ENV HTTPS_PROXY=http://proxy:3128`
			`ENV ALL_PROXY=http://proxy:3128`
			`ENV NO_PROXY=localhost,127.0.0.1`

			`ENTRYPOINT ["claude"]`