feat: enable SSH access from agent-service container
- Add openssh-client to Dockerfile.service (alpine) - Create .ssh directory with correct permissions for appuser - Mount host SSH key into agent-service container (read-only) This allows the Agent SDK to SSH into managed servers using the Bash tool. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
36d36acad4
commit
795e8a11c5
|
|
@ -39,8 +39,8 @@ RUN pnpm turbo build --filter='./packages/shared/*' --filter=@it0/${SERVICE_NAME
|
|||
# ===== Production Stage =====
|
||||
FROM node:18-alpine
|
||||
|
||||
# Install bash (required by Claude Agent SDK Bash tool)
|
||||
RUN apk add --no-cache bash
|
||||
# Install bash (required by Claude Agent SDK Bash tool) + openssh-client (for SSH to managed servers)
|
||||
RUN apk add --no-cache bash openssh-client
|
||||
|
||||
RUN corepack enable
|
||||
|
||||
|
|
@ -82,7 +82,8 @@ WORKDIR /app/packages/services/${SERVICE_NAME}
|
|||
# Run as non-root user (required for SDK bypassPermissions mode)
|
||||
RUN adduser -D -h /home/appuser appuser && \
|
||||
mkdir -p /data/claude-tenants && \
|
||||
chown -R appuser:appuser /app /data/claude-tenants
|
||||
mkdir -p /home/appuser/.ssh && chmod 700 /home/appuser/.ssh && \
|
||||
chown -R appuser:appuser /app /data/claude-tenants /home/appuser/.ssh
|
||||
USER appuser
|
||||
|
||||
ARG SERVICE_PORT=3000
|
||||
|
|
|
|||
|
|
@ -122,6 +122,7 @@ services:
|
|||
- ${HOME}/.claude:/home/appuser/.claude
|
||||
- ${HOME}/.claude.json:/home/appuser/.claude.json
|
||||
- claude_tenants:/data/claude-tenants
|
||||
- ${HOME}/.ssh/id_ed25519:/home/appuser/.ssh/id_ed25519:ro
|
||||
environment:
|
||||
- DB_HOST=postgres
|
||||
- DB_PORT=5432
|
||||
|
|
|
|||
Loading…
Reference in New Issue