Remove all four MCP server packages from the Dockerfile along with their
associated env vars (docker-compose.yml, .env.example) and egress allowlist
entries (squid.conf).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
MCP servers bundle their own copies of vulnerable packages. After global
install, patch nested node_modules in each server directly:
- @modelcontextprotocol/sdk 1.0.1 → 1.25.2 (CVE-2025-66414, CVE-2026-0621)
- picomatch 4.0.3 → 4.0.4 (CVE-2026-33671)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
dhi.io is unreachable on the company network, blocking apk during build.
Trivy scanning in CI provides vulnerability coverage in the meantime.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Install four MCP servers globally in the claude image:
@modelcontextprotocol/server-github → mcp-server-github
@yoda.digital/gitlab-mcp-server → gitlab-mcp-server
@aashari/mcp-server-atlassian-jira → mcp-atlassian-jira
@aashari/mcp-server-atlassian-confluence → mcp-atlassian-confluence
Wire them in managed-settings.json via mcpServers with env var
pass-through. Jira and Confluence share ATLASSIAN_* credentials.
Add api.github.com, .gitlab.com, .atlassian.net to the squid
allowlist. All credentials are optional — servers are skipped
if the relevant env vars are unset.
Add /etc/claude-code/managed-settings.json with availableModels set to
the three Anthropic model families. The file is root-owned inside the
container so the node user cannot modify it. Managed settings cannot be
bypassed via --model flag, /model command, or ANTHROPIC_MODEL env var.
Drop the addgroup/adduser layer entirely. node:20-alpine already ships
a node user at uid/gid 1000. Update chown and USER directives, and
update the claude-config volume mount path to /home/node/.claude.
Make ANTHROPIC_API_KEY optional. Add CLAUDE_CODE_OAUTH_TOKEN pass-through
for headless token-based auth (claude setup-token). When neither is set,
Claude Code falls back to browser OAuth on port 54545. Add claude-config
named volume mounted at ~/.claude/ in both claude and webui services so
credentials persist across container runs. Pre-create ~/.claude/ in the
Dockerfile so the volume is initialised with correct ownership. Add
--service-ports to docker compose run calls to publish port 54545 during
CLI sessions.
Replace node:20-slim/ubuntu:22.04 with node:20-alpine/alpine:3.21.
Switch package management from apt to apk (--no-cache, no cleanup layer).
Use Alpine addgroup/adduser in claude/Dockerfile. Update proxy to use
squid user (Alpine convention) and /var/cache/squid cache path.
Fix proxy/Dockerfile COPY path now that context is proxy/. Move
webui-entrypoint.sh into claude/ to match its build context. Fix
docker-compose.yml webui context to claude/, update proxy tmpfs path.
