Two-container setup: claude (UID 1000, internal-only network) and proxy (Squid, UID 13). The internal Docker network uses internal: true so the claude container has no direct internet route. All egress is tunnelled through the Squid sidecar which enforces a domain allowlist. Both containers drop all capabilities and set no-new-privileges. claude.sh provides start/stop/run/update/logs/status/shell lifecycle management.
9 lines
358 B
Text
# Copy this file to .env and fill in your values.
# .env is git-ignored — never commit it.

# Required: your Anthropic API key
ANTHROPIC_API_KEY=sk-ant-...

# Optional: mount a host directory as /workspace inside the Claude container.
# If unset, a named Docker volume is used (fully isolated from the host).
# WORKSPACE_DIR=/absolute/path/to/your/project
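The isolation properties listed in the commit message (internal-only network for the claude container, all capabilities dropped, no-new-privileges, non-root UIDs) can be checked against the running containers. This is an added example, not code from this repository: it audits `docker inspect` and `docker network inspect` JSON, and the network names and sample JSON are constructed for illustration.

```python
import json

# Constructed sample: trimmed `docker inspect` / `docker network inspect` output.
# Network names (sandbox_internal, sandbox_egress) are hypothetical.
CONTAINERS = json.loads("""[
 {"Name": "/claude", "Config": {"User": "1000"},
  "HostConfig": {"CapDrop": ["ALL"], "SecurityOpt": ["no-new-privileges:true"]},
  "NetworkSettings": {"Networks": {"sandbox_internal": {}}}},
 {"Name": "/proxy", "Config": {"User": "13"},
  "HostConfig": {"CapDrop": ["ALL"], "SecurityOpt": ["no-new-privileges:true"]},
  "NetworkSettings": {"Networks": {"sandbox_internal": {}, "sandbox_egress": {}}}}
]""")
NETWORKS = json.loads("""[
 {"Name": "sandbox_internal", "Internal": true},
 {"Name": "sandbox_egress", "Internal": false}
]""")

NNP = {"no-new-privileges", "no-new-privileges:true", "no-new-privileges=true"}

def audit(containers, networks, isolated="claude"):
    """Return a list of findings; an empty list means every check passed."""
    internal = {n["Name"]: bool(n.get("Internal")) for n in networks}
    findings = []
    for c in containers:
        name = c["Name"].lstrip("/")
        host = c.get("HostConfig", {})
        # cap_drop: [ALL] shows up as HostConfig.CapDrop == ["ALL"]
        if "ALL" not in [x.upper() for x in host.get("CapDrop") or []]:
            findings.append(f"{name}: capabilities not fully dropped")
        if not NNP & set(host.get("SecurityOpt") or []):
            findings.append(f"{name}: no-new-privileges not set")
        # Config.User may be "uid" or "uid:gid"; empty means the image default
        user = (c.get("Config", {}).get("User") or "").split(":")[0]
        if user in ("", "0", "root"):
            findings.append(f"{name}: runs as root or image-default user")
        # The isolated container may only sit on networks marked Internal;
        # a network missing from the inspect data is treated as non-internal.
        if name == isolated:
            for net in c.get("NetworkSettings", {}).get("Networks") or {}:
                if not internal.get(net, False):
                    findings.append(f"{name}: attached to non-internal network {net}")
    return findings

if __name__ == "__main__":
    for line in audit(CONTAINERS, NETWORKS) or ["all checks passed"]:
        print(line)
```

The proxy is expected to sit on both networks, so only the container named by `isolated` is held to the internal-only rule.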