dave/storkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 8 Wiki Activity
2,358 Commits 1 Branch 8 Tags
af72f593e82aa60b64b916b46bc8b8aa957955f0
Commit Graph

2358 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dave
af72f593e8 storkit: create 364_bug_test_suite_incompatible_with_hardened_docker_environment 2026-03-22 13:50:14 +00:00
Dave
ac8112bf0b storkit: accept 361_story_remove_deprecated_manual_qa_front_matter_field 2026-03-22 01:48:51 +00:00
Dave
9bf4b65707 storkit: accept 359_story_harden_docker_setup_for_security 2026-03-22 00:23:40 +00:00
Dave
240ebf055a storkit: accept 329_spike_evaluate_docker_orbstack_for_agent_isolation_and_resource_limiting 2026-03-22 00:22:39 +00:00
Dave
293a2fcfb6 storkit: done 361_story_remove_deprecated_manual_qa_front_matter_field 2026-03-21 21:51:31 +00:00
Dave
4ccc3d9149 storkit: merge 361_story_remove_deprecated_manual_qa_front_matter_field 2026-03-21 21:51:27 +00:00
Timmy
eef0f3ee7d Add clippy to Docker image 
Acceptance gates run cargo clippy but the component wasn't installed
in the build stage. Agents were doing real work then failing every
gate check because clippy wasn't available.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-21 21:43:09 +00:00
Dave
9dc7c21b05 storkit: create 363_story_mcp_tool_for_whatsup_story_triage 2026-03-21 21:29:42 +00:00
Dave
76369de391 storkit: create 362_story_bot_whatsup_command_shows_in_progress_work_summary 2026-03-21 21:26:02 +00:00
Dave
b747cc0fab storkit: create 362_story_bot_whatsup_command_shows_in_progress_work_summary 2026-03-21 21:25:36 +00:00
Dave
f74a0425a9 storkit: create 362_story_bot_whatsup_command_shows_in_progress_work_summary 2026-03-21 21:22:52 +00:00
Dave
b0b21765d9 storkit: create 362_story_bot_whatsup_command_shows_in_progress_work_summary 2026-03-21 21:22:16 +00:00
Timmy
9075bc1a84 Fix tmpfs ownership so storkit user can write to home dir 
The tmpfs at /home/storkit defaulted to root ownership (mode=755),
so Claude Code couldn't write ~/.claude.json or ~/.cache/. Set
uid=999,gid=999 to match the storkit user.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-21 21:19:16 +00:00
Timmy
9f873dc839 Fix Claude Code hanging in hardened container 
Claude Code writes to ~/.claude.json, ~/.cache/, and ~/.npm/ which
failed silently on the read-only root filesystem. Add tmpfs at
/home/storkit so the home dir is writable (the claude-state volume
overlays on top for persistent .claude/ data).

Also fix .dockerignore: use **/target/ to match nested target dirs,
add .storkit/logs/ and **/node_modules/ to prevent multi-GB build
context transfers.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-21 21:16:24 +00:00
Dave
3774c3dca7 storkit: done 359_story_harden_docker_setup_for_security 2026-03-21 20:57:07 +00:00
Timmy
cd095f9a99 Fix rebuild_and_restart in Docker by using cargo output path 
Use the known cargo build output path instead of current_exe() when
re-execing after a rebuild. In Docker, the running binary lives at
/usr/local/bin/storkit (read-only) while cargo writes the new binary
to /app/target/release/storkit (a writable volume), so current_exe()
would just restart the old binary.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-21 20:42:38 +00:00
Timmy
fe0f560b58 Harden Docker container security 
Run as non-root user (fixes Claude Code refusing bypassPermissions as
root, which caused all agent spawns to exit instantly with no session).
Add read-only root filesystem, drop all capabilities, set
no-new-privileges, bind port to localhost only, and require
GIT_USER_NAME/GIT_USER_EMAIL env vars at startup.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-21 20:33:50 +00:00
Timmy
0416bf343c storkit: delete 57_story_live_test_gate_updates 2026-03-21 20:23:45 +00:00
Timmy
c3e4f85903 storkit: done 329_spike_evaluate_docker_orbstack_for_agent_isolation_and_resource_limiting 2026-03-21 20:22:02 +00:00
Timmy
52d9d0f9ce storkit: done 329_spike_evaluate_docker_orbstack_for_agent_isolation_and_resource_limiting 2026-03-21 20:20:41 +00:00
Timmy
996ba82682 storkit: create 329_spike_evaluate_docker_orbstack_for_agent_isolation_and_resource_limiting 2026-03-21 20:19:56 +00:00
Timmy
1f4152c894 storkit: create 361_story_remove_deprecated_manual_qa_front_matter_field 2026-03-21 19:59:52 +00:00
Timmy
02b481ee4c storkit: create 359_story_harden_docker_setup_for_security 2026-03-21 19:48:44 +00:00
Timmy
9c339c118f storkit: create 359_story_harden_docker_setup_for_security 2026-03-21 19:45:26 +00:00
Timmy
4790aac286 storkit: create 359_story_harden_docker_setup_for_security and 360_story_run_storkit_container_under_gvisor_runsc_runtime 2026-03-21 19:43:48 +00:00
Dave
b2d92d6059 storkit: accept 90_story_fetch_real_context_window_size_from_anthropic_models_api 2026-03-21 15:58:15 +00:00
Dave
71887af2d3 storkit: accept 358_story_remove_makefile_and_make_script_release_the_single_entry_point_for_releases 2026-03-21 15:55:15 +00:00
Dave
5db9965962 storkit: done 358_story_remove_makefile_and_make_script_release_the_single_entry_point_for_releases 2026-03-21 12:04:11 +00:00
Dave
e109e1ba5c storkit: merge 358_story_remove_makefile_and_make_script_release_the_single_entry_point_for_releases 2026-03-21 12:04:08 +00:00
Dave
3554594d8d storkit: done 90_story_fetch_real_context_window_size_from_anthropic_models_api 2026-03-21 12:01:24 +00:00
Dave
a6c8cf0daf storkit: merge 90_story_fetch_real_context_window_size_from_anthropic_models_api 2026-03-21 12:01:21 +00:00
Dave
30a56d03e5 storkit: create 358_story_remove_makefile_and_make_script_release_the_single_entry_point_for_releases 2026-03-21 11:55:13 +00:00
Dave
4734bd943f Fixing release 2026-03-21 11:52:18 +00:00
Dave
a1dd88579b storkit: accept 344_story_chatgpt_agent_backend_via_openai_api 2026-03-21 03:40:23 +00:00
Dave
759a289894 storkit: done 344_story_chatgpt_agent_backend_via_openai_api 2026-03-20 23:52:24 +00:00
Dave
be3b5b0b60 storkit: merge 344_story_chatgpt_agent_backend_via_openai_api 2026-03-20 23:52:21 +00:00
Dave
fbf391684a storkit: create 344_story_chatgpt_agent_backend_via_openai_api 2026-03-20 23:39:34 +00:00
Dave
65546a42b7 storkit: accept 343_refactor_abstract_agent_runtime_to_support_non_claude_code_backends 2026-03-20 22:58:45 +00:00
Dave
4e014d45c3 storkit: accept 345_story_gemini_agent_backend_via_google_ai_api 2026-03-20 22:54:45 +00:00
Dave
4f39de437f storkit: done 345_story_gemini_agent_backend_via_google_ai_api 2026-03-20 22:53:44 +00:00
Dave
79ee6eb0dc storkit: merge 345_story_gemini_agent_backend_via_google_ai_api 2026-03-20 22:53:41 +00:00
Dave
c930c537bc storkit: accept 357_story_bot_assign_command_to_pre_assign_a_model_to_a_story 2026-03-20 22:41:00 +00:00
Dave
f129a38704 storkit: done 343_refactor_abstract_agent_runtime_to_support_non_claude_code_backends 2026-03-20 22:07:52 +00:00
Dave
4344081b54 storkit: merge 343_refactor_abstract_agent_runtime_to_support_non_claude_code_backends 2026-03-20 22:07:49 +00:00
Dave
52c5344ce5 storkit: accept 350_story_mcp_tool_for_code_definitions_lookup 2026-03-20 19:30:08 +00:00
Dave
35bd196790 storkit: accept 356_story_start_command_should_say_queued_not_error_when_all_coders_are_busy 2026-03-20 19:09:02 +00:00
Dave
65c8dc19d6 storkit: create 329_spike_evaluate_docker_orbstack_for_agent_isolation_and_resource_limiting 2026-03-20 19:05:18 +00:00
Dave
645a141d2d storkit: create 343_refactor_abstract_agent_runtime_to_support_non_claude_code_backends 2026-03-20 18:57:52 +00:00
Dave
11d1980920 storkit: done 357_story_bot_assign_command_to_pre_assign_a_model_to_a_story 2026-03-20 18:51:48 +00:00
Dave
83879cfa9e storkit: merge 357_story_bot_assign_command_to_pre_assign_a_model_to_a_story 2026-03-20 18:51:45 +00:00