538ea57ed4
Claude Config API (v0.6): - Add CRUD endpoints for commands, skills, and agents - Commands/skills/agents stored in /workspace/.claude/ (per-project, in git) - Credentials shared via PVC at /root/.claude/ (shared across pods) - Use base64 encoding for file writes (prevents shell injection) - Add content size limits (1MB max) Security Hardening: - Add sanitize package for command/prompt validation - Add rate limiting middleware (token bucket algorithm) - Add concurrent command limiting - Add input sanitization to all command handlers - Gitignore secrets.yaml and credentials.yaml - Add *.example templates for secrets Testing Infrastructure: - Add testutil package with mocks and fixtures - Add unit tests for auth package (63% coverage) - Add unit tests for executor (47% coverage) - Add handler integration tests (40% coverage) - Add 100% coverage for sanitize, cmdlimit packages - Add 96% coverage for ratelimit package Infrastructure: - Shared Claude credentials PVC (ReadWriteMany) - Reduced workspace PVC size from 20Gi to 5Gi - Add init container cleanup before git clone - Document Longhorn RWX requirements Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
62 lines
1.8 KiB
Bash
Executable File
62 lines
1.8 KiB
Bash
Executable File
#!/bin/bash
|
|
# claude-login.sh - Authenticate Claude CLI in a claudebox pod
|
|
# Usage: ./scripts/claude-login.sh <project>
|
|
# Example: ./scripts/claude-login.sh pantheon
|
|
|
|
set -e
|
|
|
|
# Check for project argument
|
|
if [ -z "$1" ]; then
|
|
echo "Usage: $0 <project>"
|
|
echo ""
|
|
echo "Available projects:"
|
|
KUBECONFIG=~/.kube/orchard9-k3sf.yaml kubectl get pods -n rdev -l app.kubernetes.io/part-of=rdev \
|
|
--no-headers -o custom-columns=":metadata.labels.rdev\.orchard9\.ai/project" 2>/dev/null | grep -v "^$" | sort -u
|
|
echo ""
|
|
echo "Example: $0 pantheon"
|
|
exit 1
|
|
fi
|
|
|
|
PROJECT="$1"
|
|
POD="claudebox-${PROJECT}-0"
|
|
NAMESPACE="rdev"
|
|
|
|
# Verify kubeconfig
|
|
export KUBECONFIG=~/.kube/orchard9-k3sf.yaml
|
|
|
|
# Check if pod exists and is running
|
|
echo "Checking pod status..."
|
|
STATUS=$(kubectl get pod "$POD" -n "$NAMESPACE" -o jsonpath='{.status.phase}' 2>/dev/null || echo "NotFound")
|
|
|
|
if [ "$STATUS" != "Running" ]; then
|
|
echo "Error: Pod $POD is not running (status: $STATUS)"
|
|
echo ""
|
|
echo "Available pods:"
|
|
kubectl get pods -n "$NAMESPACE" -l app.kubernetes.io/part-of=rdev
|
|
exit 1
|
|
fi
|
|
|
|
echo ""
|
|
echo "=== Claude Login for $PROJECT ==="
|
|
echo ""
|
|
echo "This will open an interactive session to authenticate Claude."
|
|
echo "You'll see a URL - open it in your browser to complete authentication."
|
|
echo ""
|
|
echo "Press Ctrl+C to cancel, or Enter to continue..."
|
|
read
|
|
|
|
# Run claude interactively (will prompt for auth if needed)
|
|
echo "Starting Claude..."
|
|
kubectl exec -it "$POD" -n "$NAMESPACE" -c claudebox -- claude
|
|
|
|
echo ""
|
|
echo "=== Authentication Complete ==="
|
|
echo ""
|
|
echo "Verifying Claude is authenticated..."
|
|
kubectl exec "$POD" -n "$NAMESPACE" -c claudebox -- claude --version
|
|
|
|
echo ""
|
|
echo "Claude is now authenticated in $POD"
|
|
echo "You can run commands via the API or directly:"
|
|
echo " kubectl exec -it $POD -n $NAMESPACE -- claude"
|