- Respect `.gitignore` and skip files and dirs prefixed with "_".
- Use the `codemap` skill when exploring the codebase.
Note: docker commands cannot be run directly — ask the user to run them.
```bash
# Format and lint all code (shfmt, shellcheck, dockerfmt, yamlfmt, markdownlint-cli2)
make fmt
# Build the Docker image (ask user to run)
make build
```

CI enforces formatting: `lint.yaml` runs `make fmt` inside the image and fails if `git diff` shows changes. Always run `make fmt` before committing.
This project is a containerized Claude Code sandbox. The two primary artifacts are:
- `claude-aliases.bashrc` — Shell integration that creates per-profile aliases (`cc1`, `cc1-yolo`, `cc1-advisor`). Each alias calls `_claude_run`, which spins up `docker run -it --rm` with: a profile-specific state volume (`~/.claude-<profile>`), the current directory mounted, all capabilities dropped, `no-new-privileges`, and host networking.
- `Dockerfile` — Six-stage build:
  - DEB Packages: System packages (git, gh, jq, ripgrep, docker-ce-cli, etc.)
  - Claude Tools: `claude-code`, `claude-powerline`, `agentshield`, `git-delta` via Bun
  - Lint/Format Tools: `dockerfmt`, `shfmt`, `shellcheck`, `yamlfmt`, `markdownlint-cli2`
  - User Setup: Creates non-root `agent` user (UID 1000)
  - Claude Plugins: SuperClaude, claude-skills, codemap, and 33+ antigravity-awesome-skills bundles installed as a local plugin marketplace
  - Shell Interface: Bash customization, aliases, readline config
- `scripts/entrypoint.sh` — Container init chain: maps arbitrary UID/GID via NSS wrapper → initializes `~/.claude` → sets up audit log → symlinks shared config from image → enables plugins (default: `sc codemap`) → runs security scans (AgentShield + unicode detection) → execs `claude` with all arguments.
- `claude-shared/` — Shared config copied into the image:
  - `managed-settings.d/10-core.json`: Model, UI prefs, env vars
  - `managed-settings.d/10-permissions.json`: Tool allow/deny lists and default plan mode
  - `managed-settings.d/10-hooks-audit-log.json`: Audit-logging hooks (SessionStart, PreToolUse, ConfigChange → `~/.claude/audit-log.jsonl`)
  - `managed-settings.d/20-hooks-rtk.json`: RTK token compression hook (disable via `DISABLE_RTK=1`)
  - `agents/advisor.md`: Read-only advisory agent (WebFetch/WebSearch only)
  - `claude-powerline.json`: Prompt theme with cost/context display
`managed-settings.d/10-permissions.json` enforces plan mode by default with a tool allowlist (`date`, `ls`, `mkdir`, `git status/log/diff/add/commit`, etc.) and a denylist (`rm -rf`, `sudo`, piped `curl|bash`, `ssh`, `chmod 777`). These files are symlinked at runtime via the entrypoint.
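As an added example (not the project's own code), a small Python audit of a permissions file in the shape described above: it checks that plan mode is the default, that the denylist still covers the dangerous command prefixes, and that no allow rule is nested under a deny prefix. It assumes the Claude Code settings.json permissions schema (`permissions.allow`/`deny` arrays of `Tool(pattern)` rules with the `:*` prefix wildcard, plus `defaultMode`) and that deny rules take precedence over allow; the sample settings and the required-prefix list are constructed, not copied from `10-permissions.json`.

```python
import json
import re

# Constructed sample in the settings.json permissions shape; it is NOT the
# project's real managed-settings.d/10-permissions.json.
SAMPLE_SETTINGS = json.dumps({"permissions": {
    "defaultMode": "plan",
    "allow": ["Bash(date:*)", "Bash(ls:*)", "Bash(mkdir:*)", "Bash(git status:*)",
              "Bash(git log:*)", "Bash(git diff:*)", "Bash(git add:*)",
              "Bash(git commit:*)", "Bash(rm -rf /tmp/build:*)"],
    "deny": ["Bash(rm -rf:*)", "Bash(sudo:*)", "Bash(ssh:*)", "Bash(chmod 777:*)"],
}})

# Command prefixes the denylist is expected to cover (constructed list).
REQUIRED_DENY_PREFIXES = ("rm -rf", "sudo", "ssh", "chmod 777")
RULE_RE = re.compile(r"^(?P<tool>\w+)\((?P<pattern>.*)\)$")


def parse_rule(rule):
    """Split 'Tool(pattern)' into (tool, pattern); reject malformed rules."""
    m = RULE_RE.match(rule)
    if not m:
        raise ValueError(f"malformed permission rule: {rule!r}")
    return m.group("tool"), m.group("pattern")


def bash_prefix(pattern):
    """'git status:*' -> 'git status' (':*' is the prefix wildcard)."""
    return pattern.split(":", 1)[0].strip()


def audit_permissions(settings_json):
    """Return a list of findings; an empty list means the policy looks intact."""
    perms = json.loads(settings_json).get("permissions", {})
    findings = []
    if perms.get("defaultMode") != "plan":
        findings.append("defaultMode is not 'plan'")
    deny = [bash_prefix(p) for t, p in map(parse_rule, perms.get("deny", [])) if t == "Bash"]
    for required in REQUIRED_DENY_PREFIXES:
        # A deny prefix covers the required one when the required one starts with
        # it (deny 'rm' covers 'rm -rf'); this approximates the prefix matching.
        if not any(required.startswith(d) for d in deny):
            findings.append(f"deny list lacks a rule covering {required!r}")
    for tool, pattern in map(parse_rule, perms.get("allow", [])):
        if tool != "Bash":
            continue
        # Deny wins over allow, so an allow nested under a deny prefix never fires.
        for d in deny:
            if bash_prefix(pattern).startswith(d):
                findings.append(f"allow rule 'Bash({pattern})' is shadowed by deny prefix {d!r}")
    return findings


if __name__ == "__main__":
    for line in audit_permissions(SAMPLE_SETTINGS) or ["no findings"]:
        print(line)
```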
Plugins are installed during the Docker build into `/claude-shared/plugins-marketplaces/local/` and exposed as a local Claude Code marketplace. At startup, the entrypoint enables the plugins listed in `ENABLE_PLUGINS` (default: `sc codemap`). `scripts/install-aas-bundles.py` parses `bundles.md` from antigravity-awesome-skills and generates per-bundle plugin directories plus `plugin.json` metadata files.
`renovate.json` uses custom regex managers to track versions pinned in `Dockerfile` comments and groups all updates into a single PR. `@anthropic-ai/claude-code` has a 0-day minimum release age for instant updates.