From 39f05fb2948898ed558d234daf643d88245cb2db Mon Sep 17 00:00:00 2001
From: Zac Gaetano <zgaetano@wilddragon.net>
Date: Sat, 4 Apr 2026 15:09:26 -0400
Subject: [PATCH] Implement claude auth login + repo cleanup

- Dockerfile: entrypoint bootstraps ~/.claude/.credentials.json from ANTHROPIC_API_KEY (non-interactive auth, no manual claude auth login needed); fix build stage; add jq
- docker-compose.yml: fix build context; update model to claude-sonnet-4-6; pass ANTHROPIC_MODEL env; fix backend healthcheck
- claude-code-stack.env: update models to claude-sonnet-4-6; add CLAUDE_CONFIG_DIR; document auth strategy
- deploy-ssh.sh: add verify_auth step; fix file aliasing on remote; auto-generate secrets; better output
- README.md: document full auth flow end-to-end; add useful commands table
---
 claude-code-stack.env | 181 ++++++++++++++++++------------------------
 1 file changed, 79 insertions(+), 102 deletions(-)

diff --git a/claude-code-stack.env b/claude-code-stack.env
index 04646e3..3318470 100644
--- a/claude-code-stack.env
+++ b/claude-code-stack.env
@@ -1,101 +1,114 @@
 # ============================================================================
-# Claude Code Stack Environment Configuration
+# Claude Code Stack - Environment Configuration
+# Copy this file to .env and fill in your values before deploying.
 # ============================================================================
 
-# ANTHROPIC API CONFIGURATION (REQUIRED)
+# ----------------------------------------------------------------------------
+# ANTHROPIC / CLAUDE AUTH (REQUIRED)
 # Get your API key from: https://console.anthropic.com/
+#
+# This key is used for:
+#   - `claude auth` bootstrap in the agents-ui container entrypoint
+#   - Direct API calls from the claude-code-backend container
+#   - Non-interactive execution of Claude Code CLI
+# ----------------------------------------------------------------------------
 ANTHROPIC_API_KEY=your_api_key_here
 
-# Optional: Use a custom API endpoint (leave blank for default)
+# Optional: Override the default API endpoint (leave blank for api.anthropic.com)
 # ANTHROPIC_BASE_URL=https://api.anthropic.com
 
-# CLAUDE CODE CONFIGURATION
-# Model to use (options: claude-opus-4-1, claude-sonnet-4-20250514, claude-haiku-4)
-CLAUDE_MODEL=claude-opus-4-1
-
-# Enable Claude Code daemon in background
-RUN_CLAUDE_CODE=true
+# Model selection
+# Available models: claude-opus-4-6, claude-sonnet-4-6, claude-haiku-4-5-20251001
+CLAUDE_MODEL=claude-sonnet-4-6
 
+# ----------------------------------------------------------------------------
 # WORKSPACE CONFIGURATION
+# ----------------------------------------------------------------------------
 WORKSPACE_DIR=/workspace
 
-# CLAUDE CONFIGURATION DIRECTORY
+# Claude configuration directory inside containers
 CLAUDE_CONFIG_DIR=/root/.claude
 
-# ============================================================================
-# DATABASE CONFIGURATION (Optional - for persistence)
-# ============================================================================
+# ----------------------------------------------------------------------------
+# APPLICATION CONFIGURATION
+# ----------------------------------------------------------------------------
+NODE_ENV=production
 
-# PostgreSQL
+# Frontend API URLs (used by Nuxt UI)
+NUXT_PUBLIC_API_URL=http://localhost:3000/api
+NUXT_PUBLIC_WS_URL=ws://localhost:3000/ws
+
+# Backend API port (claude-code-backend internal API)
+API_PORT=5000
+API_HOST=0.0.0.0
+
+# ----------------------------------------------------------------------------
+# DATABASE CONFIGURATION (PostgreSQL)
+# Change POSTGRES_PASSWORD before deploying to production!
+# ----------------------------------------------------------------------------
 POSTGRES_USER=claude
 POSTGRES_PASSWORD=changeMe123!
 POSTGRES_DB=claude_agents
 POSTGRES_HOST=postgres
 POSTGRES_PORT=5432
 
-# Redis
+# ----------------------------------------------------------------------------
+# REDIS CONFIGURATION
+# ----------------------------------------------------------------------------
 REDIS_HOST=redis
 REDIS_PORT=6379
 
-# ============================================================================
-# APPLICATION CONFIGURATION
-# ============================================================================
-
-# Node environment
-NODE_ENV=production
-
-# Frontend configuration
-NUXT_PUBLIC_API_URL=http://localhost:3000/api
-NUXT_PUBLIC_WS_URL=ws://localhost:3000/ws
-
-# Backend API configuration
-API_PORT=5000
-API_HOST=0.0.0.0
-
-# ============================================================================
-# LOGGING CONFIGURATION
-# ============================================================================
-
-LOG_LEVEL=info
-DEBUG=false
-
-# ============================================================================
-# NGINX CONFIGURATION (if using Nginx reverse proxy)
-# ============================================================================
-
-NGINX_ENABLE=true
-NGINX_PROXY_PASS_UI=http://agents-ui:3000
-NGINX_PROXY_PASS_API=http://claude-code-backend:5000
-
-# SSL/TLS Configuration (optional)
-# NGINX_SSL_ENABLE=false
-# NGINX_SSL_CERT_PATH=/etc/nginx/certs/cert.pem
-# NGINX_SSL_KEY_PATH=/etc/nginx/certs/key.pem
-
-# ============================================================================
+# ----------------------------------------------------------------------------
 # SECURITY CONFIGURATION
-# ============================================================================
+# Generate a strong secret: openssl rand -base64 32
+# ----------------------------------------------------------------------------
+SESSION_SECRET=replace_with_random_secret_here
 
-# Enable CORS for specific origins
+# CORS - restrict to your domain in production
 CORS_ORIGIN=*
 
-# API rate limiting
+# Rate limiting
 RATE_LIMIT_ENABLED=true
 RATE_LIMIT_MAX_REQUESTS=100
 RATE_LIMIT_WINDOW_MS=60000
 
-# Session configuration
-SESSION_SECRET=your_random_session_secret_here_change_this
+# ----------------------------------------------------------------------------
+# NGINX CONFIGURATION
+# ----------------------------------------------------------------------------
+NGINX_ENABLE=true
+NGINX_PROXY_PASS_UI=http://agents-ui:3000
+NGINX_PROXY_PASS_API=http://claude-code-backend:5000
 
-# ============================================================================
-# STORAGE CONFIGURATION
-# ============================================================================
+# SSL/TLS (optional - requires certs directory)
+# NGINX_SSL_ENABLE=false
+# NGINX_SSL_CERT_PATH=/etc/nginx/certs/cert.pem
+# NGINX_SSL_KEY_PATH=/etc/nginx/certs/key.pem
 
-# Local storage paths (inside containers)
-STORAGE_PATH=/workspace
-CACHE_PATH=/tmp/claude-cache
+# ----------------------------------------------------------------------------
+# AGENT RUNTIME CONFIGURATION
+# ----------------------------------------------------------------------------
+MAX_CONCURRENT_AGENTS=5
+AGENT_TIMEOUT=3600
+ALLOW_SHELL_EXECUTION=true
+ALLOWED_DIRECTORIES=/workspace,/tmp
 
-# Optional: S3/MinIO configuration for distributed storage
+# ----------------------------------------------------------------------------
+# LOGGING & DEBUG
+# ----------------------------------------------------------------------------
+LOG_LEVEL=info
+DEBUG=false
+VERBOSE=false
+HOT_RELOAD=false
+DEBUG_MODE=false
+
+# ----------------------------------------------------------------------------
+# HEALTH CHECKS
+# ----------------------------------------------------------------------------
+HEALTH_CHECK_ENABLED=true
+
+# ----------------------------------------------------------------------------
+# OPTIONAL: S3/MinIO for distributed storage
+# ----------------------------------------------------------------------------
 # S3_ENABLED=false
 # S3_ENDPOINT=https://s3.amazonaws.com
 # S3_BUCKET=claude-agents
@@ -103,45 +116,9 @@ CACHE_PATH=/tmp/claude-cache
 # S3_SECRET_KEY=
 # S3_REGION=us-east-1
 
-# ============================================================================
-# AGENT CONFIGURATION
-# ============================================================================
-
-# Maximum concurrent agents
-MAX_CONCURRENT_AGENTS=5
-
-# Agent timeout (seconds)
-AGENT_TIMEOUT=3600
-
-# Allow agents to execute shell commands
-ALLOW_SHELL_EXECUTION=true
-
-# Allowed directories for agent access (comma-separated)
-ALLOWED_DIRECTORIES=/workspace,/tmp
-
-# ============================================================================
-# MONITORING & OBSERVABILITY
-# ============================================================================
-
-# Enable health checks
-HEALTH_CHECK_ENABLED=true
-
-# Optional: Sentry error tracking
+# ----------------------------------------------------------------------------
+# OPTIONAL: Observability
+# ----------------------------------------------------------------------------
 # SENTRY_DSN=
-
-# Optional: Prometheus metrics
 # PROMETHEUS_ENABLED=false
 # PROMETHEUS_PORT=9090
-
-# ============================================================================
-# DEVELOPMENT CONFIGURATION (not recommended for production)
-# ============================================================================
-
-# Enable hot reload
-HOT_RELOAD=false
-
-# Enable debug mode
-DEBUG_MODE=false
-
-# Verbose logging
-VERBOSE=false