538ea57ed4
Claude Config API (v0.6): - Add CRUD endpoints for commands, skills, and agents - Commands/skills/agents stored in /workspace/.claude/ (per-project, in git) - Credentials shared via PVC at /root/.claude/ (shared across pods) - Use base64 encoding for file writes (prevents shell injection) - Add content size limits (1MB max) Security Hardening: - Add sanitize package for command/prompt validation - Add rate limiting middleware (token bucket algorithm) - Add concurrent command limiting - Add input sanitization to all command handlers - Gitignore secrets.yaml and credentials.yaml - Add *.example templates for secrets Testing Infrastructure: - Add testutil package with mocks and fixtures - Add unit tests for auth package (63% coverage) - Add unit tests for executor (47% coverage) - Add handler integration tests (40% coverage) - Add 100% coverage for sanitize, cmdlimit packages - Add 96% coverage for ratelimit package Infrastructure: - Shared Claude credentials PVC (ReadWriteMany) - Reduced workspace PVC size from 20Gi to 5Gi - Add init container cleanup before git clone - Document Longhorn RWX requirements Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
51 lines
1.1 KiB
Docker
51 lines
1.1 KiB
Docker
# rdev-api - Go API server for controlling claudebox pods
|
|
# v0.4 - API Server
|
|
|
|
# Build stage
|
|
FROM golang:1.23-alpine AS builder
|
|
|
|
WORKDIR /app
|
|
|
|
# Install git for go mod download
|
|
RUN apk add --no-cache git
|
|
|
|
# Copy go mod files first for layer caching
|
|
COPY go.mod go.sum ./
|
|
RUN go mod download
|
|
|
|
# Copy source code
|
|
COPY . .
|
|
|
|
# Build the binary (platform determined by Docker --platform flag)
|
|
RUN CGO_ENABLED=0 go build -ldflags="-s -w" -o rdev-api ./cmd/rdev-api
|
|
|
|
# Runtime stage
|
|
FROM alpine:3.19
|
|
|
|
# Install kubectl for exec into pods
|
|
RUN apk add --no-cache ca-certificates curl \
|
|
&& curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" \
|
|
&& chmod +x kubectl \
|
|
&& mv kubectl /usr/local/bin/
|
|
|
|
# Create non-root user
|
|
RUN adduser -D -g '' appuser
|
|
|
|
WORKDIR /app
|
|
|
|
# Copy binary from builder
|
|
COPY --from=builder /app/rdev-api .
|
|
|
|
# Use non-root user
|
|
USER appuser
|
|
|
|
# Expose port
|
|
EXPOSE 8080
|
|
|
|
# Health check
|
|
HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
|
|
CMD wget --no-verbose --tries=1 --spider http://localhost:8080/health || exit 1
|
|
|
|
# Run the server
|
|
ENTRYPOINT ["./rdev-api"]
|