Add optional network firewall to Claude Code feature

.github/workflows/release.yaml

@@ -34,18 +34,53 @@ jobs:
         run: |
           set -e
           echo "Start."
-          # Configure git and Push updates
-          git config --global user.email github-actions[bot]@users.noreply.github.com
-          git config --global user.name github-actions[bot]
-          git config pull.rebase false
+
+          # Create new branch for documentation updates
           branch=automated-documentation-update-$GITHUB_RUN_ID
-          git checkout -b $branch
-          message='Automated documentation update'
-          # Add / update and commit
-          git add */**/README.md
-          git commit -m 'Automated documentation update [skip ci]' || export NO_UPDATES=true
-          # Push
-          if [ "$NO_UPDATES" != "true" ] ; then
-              git push origin "$branch"
-              gh pr create --title "$message" --body "$message"
+          echo "Creating branch: $branch"
+
+          # Create branch via API (this will be automatically signed)
+          gh api \
+            --method POST \
+            /repos/$GITHUB_REPOSITORY/git/refs \
+            -f ref="refs/heads/$branch" \
+            -f sha="$GITHUB_SHA"
+
+          message='Automated documentation update [skip ci]'
+
+          # Find all updated README.md files
+          readmes=$(find . -name "README.md" -path "*/*/README.md")
+
+          # Check if any README files were found
+          if [ -z "$readmes" ]; then
+            echo "No README files found to update"
+            exit 0
           fi
+
+          # Commit each README file via GitHub API (automatically signed)
+          for readme in $readmes; do
+            # Get the current file from the source branch to get its SHA
+            file_path=${readme:2}  # Remove leading ./
+            echo "Committing updates to $file_path"
+
+            # Get current file SHA from the new branch
+            file_sha=$(gh api \
+              --method GET \
+              /repos/$GITHUB_REPOSITORY/contents/$file_path?ref=main \
+              -q '.sha')
+
+            echo "SHA for $file_path: $file_sha"
+
+            # Use GitHub API to commit the file (automatically signed)
+            gh api \
+              --method PUT \
+              /repos/$GITHUB_REPOSITORY/contents/$file_path \
+              -f message="$message" \
+              -f content="$(base64 -i $readme)" \
+              -f sha="$file_sha" \
+              -f branch="$branch" \
+              || echo "No changes to commit for $file_path"
+          done
+
+          # Create PR
+          gh pr create --title "$message" --body "$message" --head "$branch" --base "main" || echo "No changes to create PR for"

src/claude-code/NOTES.md

@@ -3,8 +3,12 @@
 ## Requirements
 
 This feature requires Node.js and npm to be available in the container. You need to either:
+
 1. Use a base container image that includes Node.js, or
 2. Add the Node.js feature to your devcontainer.json
+3. Let this feature attempt to install Node.js automatically (best-effort, works on Debian/Ubuntu, Alpine, Fedora, RHEL, and CentOS)
+
+Note: When auto-installing Node.js, a compatible LTS version (Node.js 18.x) will be used.
 
 ## Recommended configuration
 
@@ -29,4 +33,39 @@ If your container already has Node.js installed (for example, a container based
 
 ## Using with nvm
 
-When using with containers that have nvm pre-installed, you can use the Claude Code feature directly, and it will use the existing Node.js installation.
+When using with containers that have nvm pre-installed, you can use the Claude Code feature directly, and it will use the existing Node.js installation.
+
+## Optional Network Firewall
+
+This feature includes a network firewall script that you can optionally enable to restrict outbound traffic to only essential services (GitHub, npm registry, Anthropic API, etc.). This improves security by limiting the container's network access.
+
+The firewall script is installed but not enabled by default. To enable the firewall, add these to your devcontainer.json:
+
+```json
+"runArgs": [
+    "--cap-add=NET_ADMIN",
+    "--cap-add=NET_RAW"
+],
+"postCreateCommand": "sudo /usr/local/bin/init-firewall.sh"
+```
+
+The firewall will be initialized when the container starts, blocking all outbound connections except to essential services. The allowed services include:
+
+- GitHub API, Git, and Web services
+- npm registry
+- Anthropic API
+- Sentry.io
+- Statsig services
+
+All other outbound connections will be blocked, providing an additional layer of security for your development environment.
+
+### How the Firewall Works
+
+The firewall uses iptables and ipset to:
+
+1. Create a whitelist of allowed domains and IP addresses
+2. Allow all established connections and responses
+3. Allow outbound DNS and SSH
+4. Block all other outbound connections
+
+The script automatically resolves and adds the IP addresses for essential services to the whitelist. If you need to add additional domains to the allowed list, you can modify the firewall script at `/usr/local/bin/init-firewall.sh`.

src/claude-code/devcontainer-feature.json

@@ -1,7 +1,7 @@
 {
     "name": "Claude Code CLI",
     "id": "claude-code",
-    "version": "1.0.4",
+    "version": "1.0.5",
     "description": "Installs the Claude Code CLI globally",
     "options": {},
     "documentationURL": "https://github.com/anthropics/devcontainer-features/tree/main/src/claude-code",

src/claude-code/init-firewall.sh

@@ -0,0 +1,119 @@
+#!/bin/bash
+set -euo pipefail  # Exit on error, undefined vars, and pipeline failures
+IFS=$'\n\t'       # Stricter word splitting
+
+# Flush existing rules and delete existing ipsets
+iptables -F
+iptables -X
+iptables -t nat -F
+iptables -t nat -X
+iptables -t mangle -F
+iptables -t mangle -X
+ipset destroy allowed-domains 2>/dev/null || true
+
+# First allow DNS and localhost before any restrictions
+# Allow outbound DNS
+iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
+# Allow inbound DNS responses
+iptables -A INPUT -p udp --sport 53 -j ACCEPT
+# Allow outbound SSH
+iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT
+# Allow inbound SSH responses
+iptables -A INPUT -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
+# Allow localhost
+iptables -A INPUT -i lo -j ACCEPT
+iptables -A OUTPUT -o lo -j ACCEPT
+
+# Create ipset with CIDR support
+ipset create allowed-domains hash:net
+
+# Fetch GitHub meta information and aggregate + add their IP ranges
+echo "Fetching GitHub IP ranges..."
+gh_ranges=$(curl -s https://api.github.com/meta)
+if [ -z "$gh_ranges" ]; then
+    echo "ERROR: Failed to fetch GitHub IP ranges"
+    exit 1
+fi
+
+if ! echo "$gh_ranges" | jq -e '.web and .api and .git' >/dev/null; then
+    echo "ERROR: GitHub API response missing required fields"
+    exit 1
+fi
+
+echo "Processing GitHub IPs..."
+while read -r cidr; do
+    if [[ ! "$cidr" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/[0-9]{1,2}$ ]]; then
+        echo "ERROR: Invalid CIDR range from GitHub meta: $cidr"
+        exit 1
+    fi
+    echo "Adding GitHub range $cidr"
+    ipset add allowed-domains "$cidr"
+done < <(echo "$gh_ranges" | jq -r '(.web + .api + .git)[]' | aggregate -q)
+
+# Resolve and add other allowed domains
+for domain in \
+    "registry.npmjs.org" \
+    "api.anthropic.com" \
+    "sentry.io" \
+    "statsig.anthropic.com" \
+    "statsig.com"; do
+    echo "Resolving $domain..."
+    ips=$(dig +short A "$domain")
+    if [ -z "$ips" ]; then
+        echo "ERROR: Failed to resolve $domain"
+        exit 1
+    fi
+
+    while read -r ip; do
+        if [[ ! "$ip" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+            echo "ERROR: Invalid IP from DNS for $domain: $ip"
+            exit 1
+        fi
+        echo "Adding $ip for $domain"
+        ipset add allowed-domains "$ip"
+    done < <(echo "$ips")
+done
+
+# Get host IP from default route
+HOST_IP=$(ip route | grep default | cut -d" " -f3)
+if [ -z "$HOST_IP" ]; then
+    echo "ERROR: Failed to detect host IP"
+    exit 1
+fi
+
+HOST_NETWORK=$(echo "$HOST_IP" | sed "s/\.[0-9]*$/.0\/24/")
+echo "Host network detected as: $HOST_NETWORK"
+
+# Set up remaining iptables rules
+iptables -A INPUT -s "$HOST_NETWORK" -j ACCEPT
+iptables -A OUTPUT -d "$HOST_NETWORK" -j ACCEPT
+
+# Set default policies to DROP first
+# Set default policies to DROP first
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+iptables -P OUTPUT DROP
+
+# First allow established connections for already approved traffic
+iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+# Then allow only specific outbound traffic to allowed domains
+iptables -A OUTPUT -m set --match-set allowed-domains dst -j ACCEPT
+
+echo "Firewall configuration complete"
+echo "Verifying firewall rules..."
+if curl --connect-timeout 5 https://example.com >/dev/null 2>&1; then
+    echo "ERROR: Firewall verification failed - was able to reach https://example.com"
+    exit 1
+else
+    echo "Firewall verification passed - unable to reach https://example.com as expected"
+fi
+
+# Verify GitHub API access
+if ! curl --connect-timeout 5 https://api.github.com/zen >/dev/null 2>&1; then
+    echo "ERROR: Firewall verification failed - unable to reach https://api.github.com"
+    exit 1
+else
+    echo "Firewall verification passed - able to reach https://api.github.com as expected"
+fi