From 9f1447b4bc09c944daa3919c2253c216c8419ab5 Mon Sep 17 00:00:00 2001 From: claude-prodromou Date: Mon, 11 May 2026 14:56:51 -0700 Subject: [PATCH] codex-shell: bump CLI versions + disable autoupdate + skip-permissions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Three coupled changes that together make the agent containers boot into a usable, current-version state without manual intervention. 1. Bump pinned CLI versions to current npm latest: CLAUDE_CODE_VERSION: 2.1.133 → 2.1.139 OPENAI_CODEX_VERSION: 0.129.0 → 0.130.0 This is what runtime auto-update was trying (and failing) to do. Letting Renovate own ongoing bumps via PRs matches the rest of the codex-shell pinning model. 2. ENV DISABLE_AUTOUPDATER=true. Runtime auto-update can't succeed inside the container anyway — npm rename within /usr/bin/ requires root, and the agent user is uid 10001. The chown patch (PR #23) covered /usr/lib/node_modules/@anthropic-ai and the symlink itself but couldn't cover write-perms on the /usr/bin/ parent. With the ARG-pinned versions, suppressing the updater removes a noisy TUI banner without losing any actual version-update capability. 3. Add --dangerously-skip-permissions to the claude launch command. Without this, every restart drops the agent back into per-tool approval mode and unattended task execution stalls waiting for a human. The pod IS the sandbox boundary; the per-tool approval gate isn't load-bearing inside it. Co-Authored-By: Claude Opus 4.7 (1M context) --- Dockerfile | 12 ++++++++++-- bin/entrypoint.sh | 6 +++++- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index e6a6f26..f510c3d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -255,9 +255,17 @@ RUN set -eux; \ # build pulls latest, which is non-reproducible and skips the patch # auto-merge gate. # renovate: datasource=npm depName=@anthropic-ai/claude-code -ARG CLAUDE_CODE_VERSION=2.1.133 +ARG CLAUDE_CODE_VERSION=2.1.139 # renovate: datasource=npm depName=@openai/codex -ARG OPENAI_CODEX_VERSION=0.129.0 +ARG OPENAI_CODEX_VERSION=0.130.0 + +# Disable Claude Code's runtime auto-updater. Version is pinned via the +# ARG above and bumped by Renovate PRs, not at runtime — that matches +# the rest of the codex-shell pinning model. The auto-updater also can't +# succeed inside the container anyway (npm rename within /usr/bin/ +# requires root, which the agent user is not), so leaving it enabled +# just produces a noisy banner at TUI startup. +ENV DISABLE_AUTOUPDATER=true # Install as root (writes to /usr/lib/node_modules), then chown the # scope directory + entrypoint symlink to uid/gid 10001 so the agent # user can run `npm install -g` for auto-updates without EACCES on the diff --git a/bin/entrypoint.sh b/bin/entrypoint.sh index 91fe3ef..4112074 100644 --- a/bin/entrypoint.sh +++ b/bin/entrypoint.sh @@ -93,7 +93,11 @@ claude) INSTRUCTIONS_LINK="${AGENT_CONFIG_DIR}/CLAUDE.md" # Continue the most recent session; fall back to fresh claude if # none exists, then bash if claude exits. - AGENT_LAUNCH_CMD='claude --continue 2>/dev/null || claude; exec bash -l' + # --dangerously-skip-permissions: the pod is the sandbox boundary, + # and the agent is meant to operate without per-tool approval + # prompts. Without this flag every session has to re-enable it + # manually post-restart, which breaks unattended task execution. + AGENT_LAUNCH_CMD='claude --dangerously-skip-permissions --continue 2>/dev/null || claude --dangerously-skip-permissions; exec bash -l' mkdir -p "${AGENT_CONFIG_DIR}" # Claude Code uses interactive `/login` on first connect; credentials