npm automatically picks up GITHUB_TOKEN / NPM_TOKEN from the build
environment and writes them as _authToken entries in /root/.npmrc and
/usr/local/etc/npmrc during 'npm install -g'. Add a cleanup RUN step
that removes any npmrc file containing auth tokens before the image is
finalised, and explicitly deletes the two most common registry auth
keys via 'npm config delete'.
Also add .npmrc to .dockerignore as an extra guard against accidentally
COPY-ing a local credential file into the build context.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Docker Desktop requires a commercial licence for business use. Replace all
references with free alternatives:
- macOS: Rancher Desktop (GUI) or Colima (CLI)
- Linux: Docker Engine CE (no Desktop needed at all)
- Windows: Rancher Desktop or WSL2 + Docker Engine
setup.sh detects the OS and shows platform-specific install instructions.
claude.sh defers to setup.sh for install hints to avoid duplication.
README documents all options including a WSL2 setup walkthrough.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Run from the project directory you want to work on; claude.sh mounts
it automatically. Removes WORKSPACE_DIR env var support and the
named claude-secure-workspace Docker volume.
Make ANTHROPIC_API_KEY optional. Add CLAUDE_CODE_OAUTH_TOKEN pass-through
for headless token-based auth (claude setup-token). When neither is set,
Claude Code falls back to browser OAuth on port 54545. Add claude-config
named volume mounted at ~/.claude/ in both claude and webui services so
credentials persist across container runs. Pre-create ~/.claude/ in the
Dockerfile so the volume is initialised with correct ownership. Add
--service-ports to docker compose run calls to publish port 54545 during
CLI sessions.
Replace node:20-slim/ubuntu:22.04 with node:20-alpine/alpine:3.21.
Switch package management from apt to apk (--no-cache, no cleanup layer).
Use Alpine addgroup/adduser in claude/Dockerfile. Update proxy to use
squid user (Alpine convention) and /var/cache/squid cache path.
Fix proxy/Dockerfile COPY path now that context is proxy/. Move
webui-entrypoint.sh into claude/ to match its build context. Fix
docker-compose.yml webui context to claude/, update proxy tmpfs path.
Adds a webui service to docker-compose that wraps Claude Code in ttyd,
serving a browser-accessible terminal on port 7681. The webui reuses
Dockerfile.claude (ttyd added to apt deps) with a dedicated entrypoint
script that enforces WEBUI_PASSWORD before starting. Network isolation
is identical to the CLI container: claude-internal only, all egress via
the proxy allowlist. claude.sh gains web and web-stop commands.
