Implement claude auth login + repo cleanup

- Dockerfile: entrypoint bootstraps ~/.claude/.credentials.json from ANTHROPIC_API_KEY (non-interactive auth, no manual claude auth login needed); fix build stage; add jq
- docker-compose.yml: fix build context; update model to claude-sonnet-4-6; pass ANTHROPIC_MODEL env; fix backend healthcheck
- claude-code-stack.env: update models to claude-sonnet-4-6; add CLAUDE_CONFIG_DIR; document auth strategy
- deploy-ssh.sh: add verify_auth step; fix file aliasing on remote; auto-generate secrets; better output
- README.md: document full auth flow end-to-end; add useful commands table

claude-code-stack-docker-compose.yml

@@ -1,26 +1,40 @@
 version: '3.8'
 
+# ============================================================================
+# Claude Code Stack - Docker Compose
+# Services: Claude Agents UI + Claude Code Runtime + PostgreSQL + Redis + Nginx
+# ============================================================================
+
 services:
-  # Claude Code Agents UI - Frontend interface for agent management
+
+  # --------------------------------------------------------------------------
+  # Claude Code Agents UI
+  # Nuxt 3 frontend for managing agents, commands, skills, and workflows.
+  # Reads/writes ~/.claude directory for all configuration storage.
+  # --------------------------------------------------------------------------
   agents-ui:
     build:
-      context: ./claude-code-agents-ui
+      context: .
-      dockerfile: Dockerfile
+      dockerfile: claude-agents-ui-Dockerfile
+    image: claude-agents-ui:latest
     container_name: claude-agents-ui
     restart: unless-stopped
     ports:
       - "3000:3000"
     environment:
-      # Point agents-ui to the Claude Code backend
+      # Required: Anthropic API key - used by the entrypoint for `claude auth`
+      ANTHROPIC_API_KEY: ${ANTHROPIC_API_KEY}
+      # Claude config directory inside the container
+      CLAUDE_CONFIG_DIR: /root/.claude
       CLAUDE_DIR: /root/.claude
-      NODE_ENV: production
+      # Model selection (passed through to the UI / Claude Code runtime)
+      ANTHROPIC_MODEL: ${CLAUDE_MODEL:-claude-sonnet-4-6}
+      NODE_ENV: ${NODE_ENV:-production}
     volumes:
-      # Mount Claude configuration directory
+      # Persist Claude credentials and config across restarts
       - claude-config:/root/.claude
-      # Mount workspace directory for agent projects
+      # Shared workspace for agent projects
       - workspace:/workspace
-    depends_on:
-      - claude-code-backend
     networks:
       - claude-stack
     healthcheck:
@@ -28,44 +42,45 @@ services:
       interval: 30s
       timeout: 10s
       retries: 3
-      start_period: 40s
+      start_period: 60s
 
-  # Claude Code Runtime - Backend service for code execution
+  # --------------------------------------------------------------------------
+  # Claude Code Runtime (Backend)
+  # Provides the Claude Code CLI execution environment.
+  # Uses ANTHROPIC_API_KEY directly - no interactive auth needed.
+  # --------------------------------------------------------------------------
   claude-code-backend:
     image: ghcr.io/anthropics/claude-code:latest
     container_name: claude-code-runtime
     restart: unless-stopped
-    ports:
-      - "5000:5000"  # Internal API port if needed
     environment:
-      # Required: Your Anthropic API key
+      # Required: API key for non-interactive claude execution
       ANTHROPIC_API_KEY: ${ANTHROPIC_API_KEY}
-      # Optional: Use a custom API endpoint
+      # Model selection
+      ANTHROPIC_MODEL: ${CLAUDE_MODEL:-claude-sonnet-4-6}
+      # Optional: custom API endpoint
       # ANTHROPIC_BASE_URL: https://api.anthropic.com
-      # Claude model selection
-      CLAUDE_MODEL: claude-opus-4-1
-      # Workspace configuration
       WORKSPACE_DIR: /workspace
+      # Run claude in non-interactive mode by default
+      CLAUDE_CODE_DISABLE_NONINTERACTIVE_PROMPT: "false"
     volumes:
-      # Mount Claude configuration
+      # Share Claude config with agents-ui (credentials, agents, settings)
       - claude-config:/root/.claude
-      # Mount workspace for projects
+      # Shared workspace
       - workspace:/workspace
-      # Mount SSH keys for git operations (read-only)
+      # Optional: SSH keys for git operations (read-only)
-      - ${HOME}/.ssh:/root/.ssh:ro
+      # - ${HOME}/.ssh:/root/.ssh:ro
-      # Optional: Mount system package managers for agent access
-      # - /usr/local/bin:/usr/local/bin:ro
     networks:
       - claude-stack
     healthcheck:
-      test: ["CMD", "test", "-d", "/workspace"]
+      test: ["CMD", "sh", "-c", "test -d /workspace && echo ok"]
       interval: 30s
       timeout: 10s
       retries: 3
-    # Security: Run as non-root user
-    user: "0:0"  # Can be configured for non-root if needed
 
-  # Optional: PostgreSQL for agent data persistence
+  # --------------------------------------------------------------------------
+  # PostgreSQL - Agent data persistence
+  # --------------------------------------------------------------------------
   postgres:
     image: postgres:16-alpine
     container_name: claude-postgres
@@ -73,20 +88,22 @@ services:
     ports:
       - "5432:5432"
     environment:
-      POSTGRES_USER: claude
+      POSTGRES_USER: ${POSTGRES_USER:-claude}
       POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-changeMe123!}
-      POSTGRES_DB: claude_agents
+      POSTGRES_DB: ${POSTGRES_DB:-claude_agents}
     volumes:
       - postgres-data:/var/lib/postgresql/data
     networks:
       - claude-stack
     healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U claude"]
+      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-claude}"]
       interval: 10s
       timeout: 5s
       retries: 5
 
-  # Optional: Redis for caching and session management
+  # --------------------------------------------------------------------------
+  # Redis - Caching and session management
+  # --------------------------------------------------------------------------
   redis:
     image: redis:7-alpine
     container_name: claude-redis
@@ -104,7 +121,9 @@ services:
       timeout: 5s
       retries: 5
 
-  # Optional: Nginx reverse proxy for production setup
+  # --------------------------------------------------------------------------
+  # Nginx - Reverse proxy for production
+  # --------------------------------------------------------------------------
   nginx:
     image: nginx:alpine
     container_name: claude-nginx
@@ -114,11 +133,10 @@ services:
       - "443:443"
     volumes:
       - ./nginx.conf:/etc/nginx/nginx.conf:ro
-      # Uncomment for SSL:
+      # Uncomment to enable SSL:
       # - ./certs:/etc/nginx/certs:ro
     depends_on:
       - agents-ui
-      - claude-code-backend
     networks:
       - claude-stack
     healthcheck:
@@ -127,16 +145,26 @@ services:
       timeout: 10s
       retries: 3
 
+# ============================================================================
+# Volumes
+# ============================================================================
 volumes:
+  # Claude config/credentials - persists auth state across restarts
   claude-config:
     driver: local
+  # Shared workspace for agent projects
   workspace:
     driver: local
+  # PostgreSQL data
   postgres-data:
     driver: local
+  # Redis AOF data
   redis-data:
     driver: local
 
+# ============================================================================
+# Networks
+# ============================================================================
 networks:
   claude-stack:
     driver: bridge