From d52cc72c238de716b82b8412ed53009e6ca576dc Mon Sep 17 00:00:00 2001 From: Claude Date: Sat, 31 Jan 2026 15:48:56 +0000 Subject: [PATCH 1/3] Add Docker container setup Multi-stage Dockerfile with Alpine-based runtime including Chromium, docker-compose.yml for easy configuration, and convenience run script. https://claude.ai/code/session_01JtAmjANBxZUioCZDBsKTWt --- .dockerignore | 43 +++++++++ container/Dockerfile | 79 ++++++++++++++++ container/README.md | 170 +++++++++++++++++++++++++++++++++++ container/docker-compose.yml | 60 +++++++++++++ container/run.sh | 31 +++++++ 5 files changed, 383 insertions(+) create mode 100644 .dockerignore create mode 100644 container/Dockerfile create mode 100644 container/README.md create mode 100644 container/docker-compose.yml create mode 100755 container/run.sh diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..7861af7 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,43 @@ +# Build artifacts +target/ +lib/ratatui-core/ + +# Git +.git/ +.gitignore + +# IDE and editor files +.vscode/ +.idea/ +*.swp +*.swo +*~ + +# Container build directory contents (avoid recursion) +container/workspace/ +container/config/ +container/data/ + +# Development files +.cargo/config.toml + +# Documentation and non-essential files +*.md +!README.md +LICENSE + +# Logs and temporary files +*.log +*.tmp +.codey/ + +# Environment files (may contain secrets) +.env +.env.* + +# macOS +.DS_Store + +# Test fixtures and snapshots +tests/ +snapshots/ diff --git a/container/Dockerfile b/container/Dockerfile new file mode 100644 index 0000000..ee4b3bf --- /dev/null +++ b/container/Dockerfile 
@@ -0,0 +1,79 @@ +# Codey Docker Container +# Multi-stage build for minimal runtime image + +# ============================================================================= +# Builder Stage - Compile codey with musl for static linking +# ============================================================================= +FROM rust:1.83-alpine AS builder + +# Install build dependencies +RUN apk add --no-cache \ + musl-dev \ + openssl-dev \ + openssl-libs-static \ + pkgconfig \ + git \ + make \ + patch \ + perl + +# Set up the build environment +WORKDIR /build + +# Copy the source code +COPY . . + +# Apply SIMD patches and build +# Use vendored-openssl for static linking +RUN make patch && \ + CARGO_BUILD_TARGET=x86_64-unknown-linux-musl \ + EXTRA_FEATURES=vendored-openssl \ + make release + +# ============================================================================= +# Runtime Stage - Minimal Alpine with Chromium +# ============================================================================= +FROM alpine:3.21 + +# Install runtime dependencies +# - chromium: for web content extraction (fetch_html tool) +# - bash: for shell tool execution +# - git: commonly needed for code operations +# - neovim: optional IDE integration +# - ca-certificates: for HTTPS requests +# - tzdata: timezone support +RUN apk add --no-cache \ + chromium \ + bash \ + git \ + neovim \ + ca-certificates \ + tzdata \ + # Chromium dependencies for headless operation + nss \ + freetype \ + harfbuzz \ + ttf-freefont + +# Create non-root user for security +RUN adduser -D -h /home/codey codey + +# Set up directories +RUN mkdir -p /home/codey/.config/codey /work && \ + chown -R codey:codey /home/codey /work + +# Copy the compiled binary from builder +COPY --from=builder /build/target/x86_64-unknown-linux-musl/release/codey /usr/local/bin/codey +RUN chmod +x /usr/local/bin/codey + +# Set environment variables +ENV HOME=/home/codey +ENV CHROME_BIN=/usr/bin/chromium-browser +ENV CHROMIUM_FLAGS="--no-sandbox 
--headless --disable-gpu --disable-dev-shm-usage" + +# Switch to non-root user +USER codey +WORKDIR /work + +# Default entrypoint +ENTRYPOINT ["codey"] diff --git a/container/README.md b/container/README.md new file mode 100644 index 0000000..0a0083b --- /dev/null +++ b/container/README.md 
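Review bot: `ENV CHROMIUM_FLAGS="--no-sandbox ..."` switches off Chromium's process sandbox by default, in the image whose own comments say Chromium renders web content for the fetch_html tool. With the sandbox off, the container boundary is the only isolation between page content and the `codey` user, the bind-mounted `/work` tree and the API keys passed in the environment. If the flag is there only because the sandbox cannot start in a default container, it would be better to keep the sandbox and document the seccomp or user-namespace setting it needs. Failing that, state the trade-off next to the line, e.g. `# --no-sandbox: renderer is not isolated; only fetch content you trust, container is the sole boundary`. Whether codey actually reads `CHROMIUM_FLAGS` is not visible in this patch.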
@@ -0,0 +1,170 @@ +# Codey Docker Container + +Run codey in a containerized environment with all dependencies included. + +## Quick Start + +### 1. Set your API key + +```bash +export ANTHROPIC_API_KEY=your-api-key-here +``` + +### 2. Build and run + +```bash +cd container + +# Build the image +docker compose build + +# Run interactively +docker compose run --rm codey +``` + +## Usage + +### Running with Docker Compose (recommended) + +```bash +# Start an interactive session +docker compose run --rm codey + +# Continue a previous session +docker compose run --rm codey --continue + +# Specify a model +docker compose run --rm codey --model claude-sonnet-4-20250514 +``` + +### Running with Docker directly + +```bash +# Build the image +docker build -t codey:latest -f container/Dockerfile . + +# Run interactively +docker run -it --rm \ + -e ANTHROPIC_API_KEY \ + -v $(pwd):/work \ + -v ~/.config/codey:/home/codey/.config/codey \ + --shm-size=2gb \ + codey:latest +``` + +## Configuration + +### Environment Variables + +| Variable | Description | Required | +|----------|-------------|----------| +| `ANTHROPIC_API_KEY` | Anthropic API key | Yes | +| `OPENROUTER_API_KEY` | OpenRouter API key (alternative) | No | +| `TZ` | Timezone (e.g., `America/New_York`) | No | +| `CODEY_WORK_DIR` | Host path to mount as working directory | No | +| `CODEY_CONFIG_DIR` | Host path for codey configuration | No | +| `CODEY_DATA_DIR` | Host path for session transcripts | No | + +### Volume Mounts + +The container uses several volume mounts: + +- `/work` - Your working directory (code to work on) +- `/home/codey/.config/codey` - Codey configuration +- `/work/.codey` - Session transcripts for `--continue` feature +- `/home/codey/.gitconfig` - Git configuration (read-only) + +### Custom Configuration + +Create a config file at `./config/config.toml`: + +```toml +# Model configuration +model = "claude-sonnet-4-20250514" + +# Chrome executable (already set in container) +# chrome_executable = 
"/usr/bin/chromium-browser" + +# Auto-approve patterns (use with caution) +# auto_approve = ["Read*", "Glob*"] +``` + +## Building for Different Architectures + +### Build for ARM64 (Apple Silicon, etc.) + +Modify the Dockerfile target architecture: + +```dockerfile +# In the builder stage, change: +CARGO_BUILD_TARGET=aarch64-unknown-linux-musl +``` + +Or use Docker buildx for multi-arch builds: + +```bash +docker buildx build --platform linux/amd64,linux/arm64 -t codey:latest . +``` + +## Included Tools + +The container includes: + +- **Chromium** - Headless browser for web content extraction +- **Git** - Version control operations +- **Bash** - Shell command execution +- **Neovim** - Optional IDE integration + +## Troubleshooting + +### Chromium fails to start + +Ensure adequate shared memory: + +```bash +docker run --shm-size=2gb ... +``` + +### Permission denied errors + +The container runs as non-root user `codey`. Ensure mounted volumes have appropriate permissions: + +```bash +# Fix ownership if needed +sudo chown -R $(id -u):$(id -g) ./workspace ./config ./data +``` + +### Session not persisting + +Ensure the data volume is properly mounted: + +```bash +docker compose run --rm \ + -v $(pwd)/data:/work/.codey \ + codey --continue +``` + +## Security Notes + +- The container runs as a non-root user by default +- Unnecessary capabilities are dropped +- Consider using read-only mounts where possible +- Never expose the container's ports to the network + +## Development + +To rebuild after code changes: + +```bash +docker compose build --no-cache +``` + +To run with local source mounted (for development): + +```bash +docker run -it --rm \ + -v $(pwd):/build \ + -w /build \ + rust:1.83-alpine \ + sh -c "apk add musl-dev openssl-dev git make patch perl && make build" +``` diff --git a/container/docker-compose.yml b/container/docker-compose.yml new file mode 100644 index 0000000..5851832 --- /dev/null +++ b/container/docker-compose.yml 
@@ -0,0 +1,60 @@ +services: + codey: + build: + context: .. + dockerfile: container/Dockerfile + image: codey:latest + container_name: codey + + # Interactive terminal support for TUI + stdin_open: true + tty: true + + # Environment variables + environment: + # Required: Anthropic API key for AI functionality + - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-} + + # Optional: Alternative providers + - OPENROUTER_API_KEY=${OPENROUTER_API_KEY:-} + + # Chromium configuration for headless browser + - CHROME_BIN=/usr/bin/chromium-browser + + # Timezone (optional) + - TZ=${TZ:-UTC} + + # Volume mounts + volumes: + # Mount your working directory (code to work on) + - ${CODEY_WORK_DIR:-./workspace}:/work + + # Persist codey configuration + - ${CODEY_CONFIG_DIR:-./config}:/home/codey/.config/codey + + # Persist session transcripts (for --continue feature) + - ${CODEY_DATA_DIR:-./data}:/work/.codey + + # Git configuration (for commits) + - ${HOME}/.gitconfig:/home/codey/.gitconfig:ro + + # SSH keys for git operations (optional) + # - ${HOME}/.ssh:/home/codey/.ssh:ro + + # Security: drop unnecessary capabilities + cap_drop: + - ALL + cap_add: + - CHOWN + - SETUID + - SETGID + + # Shared memory size for Chromium + shm_size: '2gb' + + # Resource limits (optional, adjust as needed) + # deploy: + # resources: + # limits: + # memory: 4G + # cpus: '2' diff --git a/container/run.sh b/container/run.sh new file mode 100755 index 0000000..359e7d2 --- /dev/null +++ b/container/run.sh 
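Review bot: The `cap_add` block hands back `CHOWN`, `SETUID` and `SETGID` right after `cap_drop: ALL`, yet the Dockerfile in this same commit ends with `USER codey` and `ENTRYPOINT ["codey"]`, with no entrypoint step that changes ownership or switches user, so nothing visible needs them. I would remove `cap_add` and add `security_opt: ["no-new-privileges:true"]` so a setuid binary inside the image cannot be used to regain privileges. Also note that the `${HOME}/.gitconfig:/home/codey/.gitconfig:ro` mount makes Docker create a directory at that host path when the file does not exist, so it is worth a comment saying the file must exist first.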
@@ -0,0 +1,31 @@ +#!/bin/bash +# Convenience script to run codey in Docker +# +# Usage: +# ./run.sh # Start new session +# ./run.sh --continue # Continue previous session +# ./run.sh --model opus # Use specific model + +set -e + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +cd "$SCRIPT_DIR" + +# Check for API key +if [ -z "$ANTHROPIC_API_KEY" ]; then + echo "Error: ANTHROPIC_API_KEY environment variable is not set" + echo "Export it with: export ANTHROPIC_API_KEY=your-key-here" + exit 1 +fi + +# Create local directories if they don't exist +mkdir -p workspace config data + +# Build if image doesn't exist +if ! docker image inspect codey:latest &>/dev/null; then + echo "Building codey image..." + docker compose build +fi + +# Run codey with all arguments passed through +exec docker compose run --rm codey "$@" From abcc0199a938824a580500111d9ee26a95b7b929 Mon Sep 17 00:00:00 2001 From: Claude Date: Sat, 31 Jan 2026 15:54:23 +0000 Subject: [PATCH 2/3] Switch Docker base to Debian, add Brave API key - Use Debian bookworm-slim instead of Alpine for better compatibility - Add BRAVE_API_KEY environment variable for web search - Simplify build (no musl/vendored-openssl needed) https://claude.ai/code/session_01JtAmjANBxZUioCZDBsKTWt --- container/Dockerfile | 44 +++++++++++++++--------------------- container/README.md | 14 ++++-------- container/docker-compose.yml | 5 +++- 3 files changed, 27 insertions(+), 36 deletions(-) diff --git a/container/Dockerfile b/container/Dockerfile index ee4b3bf..81b7c35 100644 --- a/container/Dockerfile +++ b/container/Dockerfile 
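Review bot: The `if ! docker image inspect codey:latest` guard builds only when no image exists, so once an image is present any later change to `container/Dockerfile` is silently ignored and the old image keeps running. That matters here because the next patch in this series changes the base image and `CHROME_BIN`, and the compose file would then override `CHROME_BIN` with a path the stale image may not have. Running `docker compose build` unconditionally is cheap when the layer cache is warm and removes the mismatch. As a style point, `set -euo pipefail` with `[ -z "${ANTHROPIC_API_KEY:-}" ]` would also catch unset variables elsewhere in the script.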
@@ -2,20 +2,20 @@ # Multi-stage build for minimal runtime image # ============================================================================= -# Builder Stage - Compile codey with musl for static linking +# Builder Stage - Compile codey # ============================================================================= -FROM rust:1.83-alpine AS builder +FROM rust:1.83-slim-bookworm AS builder # Install build dependencies -RUN apk add --no-cache \ - musl-dev \ - openssl-dev \ - openssl-libs-static \ - pkgconfig \ +RUN apt-get update && apt-get install -y --no-install-recommends \ + libssl-dev \ + pkg-config \ git \ make \ patch \ - perl + perl \ + ca-certificates \ + && rm -rf /var/lib/apt/lists/* # Set up the build environment WORKDIR /build @@ -24,16 +24,12 @@ WORKDIR /build COPY . . # Apply SIMD patches and build -# Use vendored-openssl for static linking -RUN make patch && \ - CARGO_BUILD_TARGET=x86_64-unknown-linux-musl \ - EXTRA_FEATURES=vendored-openssl \ - make release +RUN make patch && make release # ============================================================================= -# Runtime Stage - Minimal Alpine with Chromium +# Runtime Stage - Debian with Chromium # ============================================================================= -FROM alpine:3.21 +FROM debian:bookworm-slim # Install runtime dependencies # - chromium: for web content extraction (fetch_html tool) 
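Review bot: Both `FROM` lines now track floating tags: `rust:1.83-slim-bookworm` in this hunk and `debian:bookworm-slim` in the runtime hunk (`@@ -24,16 +24,12 @@`), where it replaces `alpine:3.21`, which at least named a release. A rebuild can therefore pull different base contents with no change in the repository, which makes the image hard to reproduce or audit. Pin each base by digest, e.g. `FROM debian:bookworm-slim@sha256:<digest>` (placeholder, take the value from the registry), and bump it deliberately. The builder stage's `COPY . .` is unchanged context, so everything not excluded by `.dockerignore` still enters the build.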
@@ -41,34 +37,30 @@ FROM alpine:3.21 # - git: commonly needed for code operations # - neovim: optional IDE integration # - ca-certificates: for HTTPS requests -# - tzdata: timezone support -RUN apk add --no-cache \ +RUN apt-get update && apt-get install -y --no-install-recommends \ chromium \ bash \ git \ neovim \ ca-certificates \ - tzdata \ - # Chromium dependencies for headless operation - nss \ - freetype \ - harfbuzz \ - ttf-freefont + curl \ + openssh-client \ + && rm -rf /var/lib/apt/lists/* # Create non-root user for security -RUN adduser -D -h /home/codey codey +RUN useradd -m -d /home/codey -s /bin/bash codey # Set up directories RUN mkdir -p /home/codey/.config/codey /work && \ chown -R codey:codey /home/codey /work # Copy the compiled binary from builder -COPY --from=builder /build/target/x86_64-unknown-linux-musl/release/codey /usr/local/bin/codey +COPY --from=builder /build/target/release/codey /usr/local/bin/codey RUN chmod +x /usr/local/bin/codey # Set environment variables ENV HOME=/home/codey -ENV CHROME_BIN=/usr/bin/chromium-browser +ENV CHROME_BIN=/usr/bin/chromium ENV CHROMIUM_FLAGS="--no-sandbox --headless --disable-gpu --disable-dev-shm-usage" # Switch to non-root user diff --git a/container/README.md b/container/README.md index 0a0083b..a84d662 100644 --- a/container/README.md +++ b/container/README.md @@ -60,6 +60,7 @@ docker run -it --rm \ |----------|-------------|----------| | `ANTHROPIC_API_KEY` | Anthropic API key | Yes | | `OPENROUTER_API_KEY` | OpenRouter API key (alternative) | No | +| `BRAVE_API_KEY` | Brave Search API key for web search | No | | `TZ` | Timezone (e.g., `America/New_York`) | No | | `CODEY_WORK_DIR` | Host path to mount as working directory | No | | `CODEY_CONFIG_DIR` | Host path for codey configuration | No | 
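Review bot: The runtime `apt-get install` list gains `curl` and `openssh-client`, but the comment block above it documents neither and nothing in this patch shows codey needing them. In an image built to run shell commands for an agent, each extra network client should be justified or left out; either add lines such as `# - openssh-client: git over SSH (only with the optional ~/.ssh mount)` or drop the packages. Separately, with `vendored-openssl` removed the binary presumably links OpenSSL dynamically, and `libssl3` reaches the runtime only as a transitive dependency of other packages; listing `libssl3` explicitly would keep the binary working if those packages are later removed. `useradd` also takes whatever UID is free; a fixed `--uid` would make the bind-mount ownership advice in the README predictable.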
@@ -93,19 +94,14 @@ model = "claude-sonnet-4-20250514" ### Build for ARM64 (Apple Silicon, etc.) -Modify the Dockerfile target architecture: - -```dockerfile -# In the builder stage, change: -CARGO_BUILD_TARGET=aarch64-unknown-linux-musl -``` - -Or use Docker buildx for multi-arch builds: +Use Docker buildx for multi-arch builds: ```bash -docker buildx build --platform linux/amd64,linux/arm64 -t codey:latest . +docker buildx build --platform linux/amd64,linux/arm64 -t codey:latest -f container/Dockerfile . ``` +The Debian-based image supports both amd64 and arm64 natively. + ## Included Tools The container includes: diff --git a/container/docker-compose.yml b/container/docker-compose.yml index 5851832..2e4e728 100644 --- a/container/docker-compose.yml +++ b/container/docker-compose.yml @@ -18,8 +18,11 @@ services: # Optional: Alternative providers - OPENROUTER_API_KEY=${OPENROUTER_API_KEY:-} + # Optional: Brave Search API key for web search + - BRAVE_API_KEY=${BRAVE_API_KEY:-} + # Chromium configuration for headless browser - - CHROME_BIN=/usr/bin/chromium-browser + - CHROME_BIN=/usr/bin/chromium # Timezone (optional) - TZ=${TZ:-UTC} From 02ae532c1baa65816b46425615067813c02dff97 Mon Sep 17 00:00:00 2001 From: Claude Date: Sat, 31 Jan 2026 15:58:59 +0000 Subject: [PATCH 3/3] Add extending the image examples to README Show how to add custom tools, system prompts, and create project-specific images based on codey. https://claude.ai/code/session_01JtAmjANBxZUioCZDBsKTWt --- container/README.md | 81 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 79 insertions(+), 2 deletions(-) diff --git a/container/README.md b/container/README.md index a84d662..4e95629 100644 --- a/container/README.md +++ b/container/README.md 
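Review bot: `CHROME_BIN` is set both in the image (`ENV CHROME_BIN=...`) and again in this `environment:` list, and this patch has to change both copies to `/usr/bin/chromium` to keep them in step. Because the compose value wins at runtime, any image not rebuilt from the new Dockerfile gets a path that may not exist in it. Dropping the compose entry would leave the image's `ENV` as the single source of truth. Also, `- BRAVE_API_KEY=${BRAVE_API_KEY:-}` defines the variable as an empty string when the host has none; the bare form `- BRAVE_API_KEY` passes it through only when set, if codey distinguishes unset from empty.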
@@ -111,6 +111,83 @@ The container includes: - **Bash** - Shell command execution - **Neovim** - Optional IDE integration +## Extending the Image + +You can create custom images based on codey for project-specific needs. + +### Adding Custom Tools + +```dockerfile +FROM codey:latest + +USER root + +# Install additional tools +RUN apt-get update && apt-get install -y --no-install-recommends \ + python3 \ + python3-pip \ + nodejs \ + npm \ + && rm -rf /var/lib/apt/lists/* + +# Install a specific CLI tool +RUN npm install -g typescript + +USER codey +``` + +### Adding a Project System Prompt + +```dockerfile +FROM codey:latest + +# Add a project-specific system prompt +COPY SYSTEM.md /home/codey/.config/codey/SYSTEM.md +``` + +Your `SYSTEM.md` might contain: + +```markdown +You are working on the Acme project, a REST API built with Rust and Actix-web. + +Key conventions: +- All handlers go in src/handlers/ +- Use the existing error types in src/errors.rs +- Run `cargo test` before committing +``` + +### Full Example: Custom Project Image + +```dockerfile +FROM codey:latest + +USER root + +# Install project-specific dependencies +RUN apt-get update && apt-get install -y --no-install-recommends \ + postgresql-client \ + redis-tools \ + && rm -rf /var/lib/apt/lists/* + +# Add custom scripts +COPY --chmod=755 scripts/deploy.sh /usr/local/bin/deploy + +USER codey + +# Add project system prompt +COPY --chown=codey:codey SYSTEM.md /home/codey/.config/codey/SYSTEM.md + +# Add project config +COPY --chown=codey:codey config.toml /home/codey/.config/codey/config.toml +``` + +Build and use: + +```bash +docker build -t my-project-codey . +docker run -it --rm -e ANTHROPIC_API_KEY -v $(pwd):/work my-project-codey +``` + ## Troubleshooting ### Chromium fails to start 
@@ -161,6 +238,6 @@ To run with local source mounted (for development): docker run -it --rm \ -v $(pwd):/build \ -w /build \ - rust:1.83-alpine \ - sh -c "apk add musl-dev openssl-dev git make patch perl && make build" + rust:1.83-slim-bookworm \ + sh -c "apt-get update && apt-get install -y libssl-dev pkg-config git make patch && make build" ```