e0e5e03e58
Two-container setup: claude (UID 1000, internal-only network) and proxy (Squid, UID 13). The internal Docker network uses internal: true so the claude container has no direct internet route. All egress is tunnelled through the Squid sidecar which enforces a domain allowlist. Both containers drop all capabilities and set no-new-privileges. claude.sh provides start/stop/run/update/logs/status/shell lifecycle management.
8 lines
74 B
Text
8 lines
74 B
Text
.env
|
|
*.log
|
|
.git
|
|
README.md
|
|
claude.sh
|
|
.gitignore
|
|
.env.example
|
|
.dockerignore
|