container/Dockerfile

FROM ubuntu:24.04

# Multi-arch: builds for linux/amd64 and linux/arm64 (Apple Silicon)
# Avoid interactive prompts during package install
ENV DEBIAN_FRONTEND=noninteractive

# ── System packages ──────────────────────────────────────────────────────────
RUN apt-get update && apt-get install -y --no-install-recommends \
    git \
    curl \
    wget \
    openssh-client \
    build-essential \
    ripgrep \
    jq \
    sudo \
    ca-certificates \
    gnupg \
    locales \
    unzip \
    pkg-config \
    libssl-dev \
    cron \
    && rm -rf /var/lib/apt/lists/*

# Remove default ubuntu user to free UID 1000 for host-user remapping
RUN if id ubuntu >/dev/null 2>&1; then userdel -r ubuntu 2>/dev/null || userdel ubuntu; fi \
    && if getent group ubuntu >/dev/null 2>&1; then groupdel ubuntu 2>/dev/null || true; fi

# Set UTF-8 locale
RUN locale-gen en_US.UTF-8
ENV LANG=en_US.UTF-8
ENV LC_ALL=en_US.UTF-8

# ── GitHub CLI ───────────────────────────────────────────────────────────────
RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
    | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
    && chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
    > /etc/apt/sources.list.d/github-cli.list \
    && apt-get update && apt-get install -y gh \
    && rm -rf /var/lib/apt/lists/*

# ── Node.js LTS (22.x) + pnpm ───────────────────────────────────────────────
RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
    && apt-get install -y nodejs \
    && rm -rf /var/lib/apt/lists/* \
    && npm install -g pnpm

# ── Python 3 + pip + uv + ruff ──────────────────────────────────────────────
RUN apt-get update && apt-get install -y --no-install-recommends \
    python3 \
    python3-pip \
    python3-venv \
    && rm -rf /var/lib/apt/lists/*

# ── Docker CLI (not daemon) ─────────────────────────────────────────────────
RUN install -m 0755 -d /etc/apt/keyrings \
    && curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
    | gpg --dearmor -o /etc/apt/keyrings/docker.gpg \
    && chmod a+r /etc/apt/keyrings/docker.gpg \
    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" \
    > /etc/apt/sources.list.d/docker.list \
    && apt-get update && apt-get install -y docker-ce-cli \
    && rm -rf /var/lib/apt/lists/*

# ── AWS CLI v2 ───────────────────────────────────────────────────────────────
RUN ARCH=$(uname -m) && \
    curl "https://awscli.amazonaws.com/awscli-exe-linux-${ARCH}.zip" -o "awscliv2.zip" && \
    unzip -q awscliv2.zip && \
    ./aws/install && \
    rm -rf awscliv2.zip aws

# ── Non-root user with passwordless sudo ─────────────────────────────────────
RUN useradd -m -s /bin/bash -u 1000 claude \
    && echo "claude ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/claude \
    && chmod 0440 /etc/sudoers.d/claude

# ── Mount points (created as root, owned by claude) ──────────────────────────
RUN mkdir -p /workspace && chown claude:claude /workspace

# ── Rust (installed as claude user) ──────────────────────────────────────────
USER claude
WORKDIR /home/claude

RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
ENV PATH="/home/claude/.cargo/bin:${PATH}"

# Install uv and ruff for claude user
RUN curl -LsSf https://astral.sh/uv/install.sh | sh \
    && curl -LsSf https://astral.sh/ruff/install.sh | sh
ENV PATH="/home/claude/.local/bin:/home/claude/.cargo/bin:${PATH}"

# ── Claude Code ──────────────────────────────────────────────────────────────
RUN curl -fsSL https://claude.ai/install.sh | bash
ENV PATH="/home/claude/.claude/bin:${PATH}"

RUN mkdir -p /home/claude/.claude /home/claude/.ssh

WORKDIR /workspace

# ── Switch back to root for entrypoint (handles UID/GID remapping) ─────────
USER root
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
RUN chmod +x /usr/local/bin/entrypoint.sh
COPY triple-c-scheduler /usr/local/bin/triple-c-scheduler
RUN chmod +x /usr/local/bin/triple-c-scheduler
COPY triple-c-task-runner /usr/local/bin/triple-c-task-runner
RUN chmod +x /usr/local/bin/triple-c-task-runner

ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
Initial commit: Triple-C app, container, and CI Tauri v2 desktop app (React/TypeScript + Rust) for managing containerized Claude Code environments. Includes Gitea Actions workflow for building and pushing the sandbox container image, and a BUILDING.md guide for manual app builds on Linux and Windows. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-27 04:29:51 +00:00			`FROM ubuntu:24.04`

Trigger multi-arch container build for ARM64 support Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-01 17:31:13 -08:00			`# Multi-arch: builds for linux/amd64 and linux/arm64 (Apple Silicon)`
Initial commit: Triple-C app, container, and CI Tauri v2 desktop app (React/TypeScript + Rust) for managing containerized Claude Code environments. Includes Gitea Actions workflow for building and pushing the sandbox container image, and a BUILDING.md guide for manual app builds on Linux and Windows. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-27 04:29:51 +00:00			`# Avoid interactive prompts during package install`
			`ENV DEBIAN_FRONTEND=noninteractive`

			`# ── System packages ──────────────────────────────────────────────────────────`
			`RUN apt-get update && apt-get install -y --no-install-recommends \`
			`git \`
			`curl \`
			`wget \`
			`openssh-client \`
			`build-essential \`
			`ripgrep \`
			`jq \`
			`sudo \`
			`ca-certificates \`
			`gnupg \`
			`locales \`
			`unzip \`
			`pkg-config \`
			`libssl-dev \`
Add container-native scheduled task system with timezone support Introduces a cron-based scheduler that lets Claude set up recurring and one-time tasks inside containers. Tasks run as separate Claude Code agents and persist across container recreation via the named volume. New files: - container/triple-c-scheduler: CLI for add/remove/enable/disable/list/logs/run/notifications - container/triple-c-task-runner: cron wrapper with flock, logging, notifications, auto-cleanup Key changes: - Dockerfile: add cron package and COPY both scripts - entrypoint.sh: timezone setup, cron daemon, crontab restore, env saving - container.rs: init=true for zombie reaping, TZ env, scheduler instructions, timezone recreation check - image.rs: embed scheduler scripts in build context - app_settings.rs + types.ts: timezone field - settings_commands.rs: detect_host_timezone via iana-time-zone crate - SettingsPanel.tsx: timezone input with auto-detection Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-01 15:57:22 +00:00			`cron \`
Initial commit: Triple-C app, container, and CI Tauri v2 desktop app (React/TypeScript + Rust) for managing containerized Claude Code environments. Includes Gitea Actions workflow for building and pushing the sandbox container image, and a BUILDING.md guide for manual app builds on Linux and Windows. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-27 04:29:51 +00:00			`&& rm -rf /var/lib/apt/lists/*`

Add container registry pull, image source settings, and global AWS config Support pulling images from registry (default: repo.anhonesthost.net/cybercovellc/triple-c/triple-c-sandbox:latest), local builds, or custom images via a new settings UI. Add global AWS configuration (config path auto-detect, profile picker, region) that serves as defaults overridable per-project for Bedrock auth. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-27 15:22:49 +00:00			`# Remove default ubuntu user to free UID 1000 for host-user remapping`
			`RUN if id ubuntu >/dev/null 2>&1; then userdel -r ubuntu 2>/dev/null \|\| userdel ubuntu; fi \`
			`&& if getent group ubuntu >/dev/null 2>&1; then groupdel ubuntu 2>/dev/null \|\| true; fi`

Initial commit: Triple-C app, container, and CI Tauri v2 desktop app (React/TypeScript + Rust) for managing containerized Claude Code environments. Includes Gitea Actions workflow for building and pushing the sandbox container image, and a BUILDING.md guide for manual app builds on Linux and Windows. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-27 04:29:51 +00:00			`# Set UTF-8 locale`
			`RUN locale-gen en_US.UTF-8`
			`ENV LANG=en_US.UTF-8`
			`ENV LC_ALL=en_US.UTF-8`

			`# ── GitHub CLI ───────────────────────────────────────────────────────────────`
			`RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \`
			`\| dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \`
			`&& chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \`
			`&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \`
			`> /etc/apt/sources.list.d/github-cli.list \`
			`&& apt-get update && apt-get install -y gh \`
			`&& rm -rf /var/lib/apt/lists/*`

			`# ── Node.js LTS (22.x) + pnpm ───────────────────────────────────────────────`
			`RUN curl -fsSL https://deb.nodesource.com/setup_22.x \| bash - \`
			`&& apt-get install -y nodejs \`
			`&& rm -rf /var/lib/apt/lists/* \`
			`&& npm install -g pnpm`

			`# ── Python 3 + pip + uv + ruff ──────────────────────────────────────────────`
			`RUN apt-get update && apt-get install -y --no-install-recommends \`
			`python3 \`
			`python3-pip \`
			`python3-venv \`
Fix Docker/CI: reproducible Windows build, Dockerfile cleanup - Fix Windows CI build to use npm ci instead of deleting lockfile and running npm install, ensuring reproducible cross-platform builds - Remove duplicate uv/ruff root installations from Dockerfile (only need the claude user installations) - Make AWS CLI install architecture-aware using uname -m for arm64 compatibility - Remove unused SiblingContainers component (dead code) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-28 20:43:14 +00:00			`&& rm -rf /var/lib/apt/lists/*`
Initial commit: Triple-C app, container, and CI Tauri v2 desktop app (React/TypeScript + Rust) for managing containerized Claude Code environments. Includes Gitea Actions workflow for building and pushing the sandbox container image, and a BUILDING.md guide for manual app builds on Linux and Windows. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-27 04:29:51 +00:00
			`# ── Docker CLI (not daemon) ─────────────────────────────────────────────────`
			`RUN install -m 0755 -d /etc/apt/keyrings \`
			`&& curl -fsSL https://download.docker.com/linux/ubuntu/gpg \`
			`\| gpg --dearmor -o /etc/apt/keyrings/docker.gpg \`
			`&& chmod a+r /etc/apt/keyrings/docker.gpg \`
			`&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" \`
			`> /etc/apt/sources.list.d/docker.list \`
			`&& apt-get update && apt-get install -y docker-ce-cli \`
			`&& rm -rf /var/lib/apt/lists/*`

Add AWS Bedrock auth mode with per-project configuration Introduces a third auth mode alongside Login and API Key, allowing projects to authenticate Claude Code via AWS Bedrock. Includes support for static credentials, profile-based, and bearer-token auth methods with full UI controls. Also adds a URL accumulator to the terminal to reassemble long OAuth URLs split across hard newlines, and installs the AWS CLI v2 in the container image. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-27 14:29:40 +00:00			`# ── AWS CLI v2 ───────────────────────────────────────────────────────────────`
Fix Docker/CI: reproducible Windows build, Dockerfile cleanup - Fix Windows CI build to use npm ci instead of deleting lockfile and running npm install, ensuring reproducible cross-platform builds - Remove duplicate uv/ruff root installations from Dockerfile (only need the claude user installations) - Make AWS CLI install architecture-aware using uname -m for arm64 compatibility - Remove unused SiblingContainers component (dead code) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-28 20:43:14 +00:00			`RUN ARCH=$(uname -m) && \`
			`curl "https://awscli.amazonaws.com/awscli-exe-linux-${ARCH}.zip" -o "awscliv2.zip" && \`
			`unzip -q awscliv2.zip && \`
			`./aws/install && \`
			`rm -rf awscliv2.zip aws`
Add AWS Bedrock auth mode with per-project configuration Introduces a third auth mode alongside Login and API Key, allowing projects to authenticate Claude Code via AWS Bedrock. Includes support for static credentials, profile-based, and bearer-token auth methods with full UI controls. Also adds a URL accumulator to the terminal to reassemble long OAuth URLs split across hard newlines, and installs the AWS CLI v2 in the container image. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-27 14:29:40 +00:00
Initial commit: Triple-C app, container, and CI Tauri v2 desktop app (React/TypeScript + Rust) for managing containerized Claude Code environments. Includes Gitea Actions workflow for building and pushing the sandbox container image, and a BUILDING.md guide for manual app builds on Linux and Windows. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-27 04:29:51 +00:00			`# ── Non-root user with passwordless sudo ─────────────────────────────────────`
Add container registry pull, image source settings, and global AWS config Support pulling images from registry (default: repo.anhonesthost.net/cybercovellc/triple-c/triple-c-sandbox:latest), local builds, or custom images via a new settings UI. Add global AWS configuration (config path auto-detect, profile picker, region) that serves as defaults overridable per-project for Bedrock auth. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-27 15:22:49 +00:00			`RUN useradd -m -s /bin/bash -u 1000 claude \`
Initial commit: Triple-C app, container, and CI Tauri v2 desktop app (React/TypeScript + Rust) for managing containerized Claude Code environments. Includes Gitea Actions workflow for building and pushing the sandbox container image, and a BUILDING.md guide for manual app builds on Linux and Windows. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-27 04:29:51 +00:00			`&& echo "claude ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/claude \`
			`&& chmod 0440 /etc/sudoers.d/claude`

			`# ── Mount points (created as root, owned by claude) ──────────────────────────`
			`RUN mkdir -p /workspace && chown claude:claude /workspace`

			`# ── Rust (installed as claude user) ──────────────────────────────────────────`
			`USER claude`
			`WORKDIR /home/claude`

			`RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs \| sh -s -- -y`
			`ENV PATH="/home/claude/.cargo/bin:${PATH}"`

Fix Docker/CI: reproducible Windows build, Dockerfile cleanup - Fix Windows CI build to use npm ci instead of deleting lockfile and running npm install, ensuring reproducible cross-platform builds - Remove duplicate uv/ruff root installations from Dockerfile (only need the claude user installations) - Make AWS CLI install architecture-aware using uname -m for arm64 compatibility - Remove unused SiblingContainers component (dead code) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-28 20:43:14 +00:00			`# Install uv and ruff for claude user`
Initial commit: Triple-C app, container, and CI Tauri v2 desktop app (React/TypeScript + Rust) for managing containerized Claude Code environments. Includes Gitea Actions workflow for building and pushing the sandbox container image, and a BUILDING.md guide for manual app builds on Linux and Windows. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-27 04:29:51 +00:00			`RUN curl -LsSf https://astral.sh/uv/install.sh \| sh \`
			`&& curl -LsSf https://astral.sh/ruff/install.sh \| sh`
			`ENV PATH="/home/claude/.local/bin:/home/claude/.cargo/bin:${PATH}"`

			`# ── Claude Code ──────────────────────────────────────────────────────────────`
			`RUN curl -fsSL https://claude.ai/install.sh \| bash`
			`ENV PATH="/home/claude/.claude/bin:${PATH}"`

			`RUN mkdir -p /home/claude/.claude /home/claude/.ssh`

			`WORKDIR /workspace`

Fix UID/GID mismatch and SSH key permissions in container - Entrypoint now runs as root to remap the container's claude user UID/GID to match the host user, fixing bind mount permission errors on WSL - SSH keys are mounted read-only to a staging path (/tmp/.host-ssh) and copied to ~/.ssh with correct permissions by the entrypoint - Exec sessions explicitly run as the claude user - Host UID/GID detected automatically and passed as env vars Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-27 04:36:01 +00:00			`# ── Switch back to root for entrypoint (handles UID/GID remapping) ─────────`
			`USER root`
			`COPY entrypoint.sh /usr/local/bin/entrypoint.sh`
			`RUN chmod +x /usr/local/bin/entrypoint.sh`
Add container-native scheduled task system with timezone support Introduces a cron-based scheduler that lets Claude set up recurring and one-time tasks inside containers. Tasks run as separate Claude Code agents and persist across container recreation via the named volume. New files: - container/triple-c-scheduler: CLI for add/remove/enable/disable/list/logs/run/notifications - container/triple-c-task-runner: cron wrapper with flock, logging, notifications, auto-cleanup Key changes: - Dockerfile: add cron package and COPY both scripts - entrypoint.sh: timezone setup, cron daemon, crontab restore, env saving - container.rs: init=true for zombie reaping, TZ env, scheduler instructions, timezone recreation check - image.rs: embed scheduler scripts in build context - app_settings.rs + types.ts: timezone field - settings_commands.rs: detect_host_timezone via iana-time-zone crate - SettingsPanel.tsx: timezone input with auto-detection Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-01 15:57:22 +00:00			`COPY triple-c-scheduler /usr/local/bin/triple-c-scheduler`
			`RUN chmod +x /usr/local/bin/triple-c-scheduler`
			`COPY triple-c-task-runner /usr/local/bin/triple-c-task-runner`
			`RUN chmod +x /usr/local/bin/triple-c-task-runner`
Initial commit: Triple-C app, container, and CI Tauri v2 desktop app (React/TypeScript + Rust) for managing containerized Claude Code environments. Includes Gitea Actions workflow for building and pushing the sandbox container image, and a BUILDING.md guide for manual app builds on Linux and Windows. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-27 04:29:51 +00:00
Fix UID/GID mismatch and SSH key permissions in container - Entrypoint now runs as root to remap the container's claude user UID/GID to match the host user, fixing bind mount permission errors on WSL - SSH keys are mounted read-only to a staging path (/tmp/.host-ssh) and copied to ~/.ssh with correct permissions by the entrypoint - Exec sessions explicitly run as the claude user - Host UID/GID detected automatically and passed as env vars Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-27 04:36:01 +00:00			`ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]`