Isolated Development Container

A feature-rich containerized development environment for safely using Claude Code CLI and other AI assistants in "dangerous mode" for multi-language development.

Quick Start

Container Images:

ghcr.io/gherlein/localdev:latest - Lightweight (Node.js LTS, Go, essential tools)
ghcr.io/gherlein/localfull:latest - Full-featured (Java 17, Atlassian CLI, multiple Node versions)

Installation Methods

Choose one of these methods to get started:

Option 1: One-Liner Install (Easiest)

# Install launcher scripts
curl -fsSL https://raw.githubusercontent.com/gherlein/localdev/main/install.sh | bash

# Pull container image
podman pull ghcr.io/gherlein/localdev:latest

# Run
localdev

Option 2: Extract Scripts from Container

# Pull container image
podman pull ghcr.io/gherlein/localdev:latest

# Extract launcher scripts from the image
podman run --rm -v ~/bin:/output ghcr.io/gherlein/localdev:latest \
  sh -c 'cp /opt/localdev/bin/* /output/ && chmod +x /output/*'

# Run
localdev

Option 3: Clone Repository (For Contributors)

# Clone the repo
git clone https://github.com/gherlein/localdev.git
cd localdev

# Pull or build
make pull          # Pull pre-built image
# OR
make build         # Build locally

# Install scripts
make install

# Run
localdev

Purpose

This Podman/Docker container provides an isolated environment where Claude Code and other AI assistants can operate with elevated permissions (--dangerously-skip-permissions) without compromising your host system. The container includes a comprehensive development toolchain for modern software development.

Container Variants

Two container variants are available:

Container	Script	Image	Description
localdev (default)	`localdev`	`ghcr.io/gherlein/localdev:latest`	Lightweight, fast-starting container with Node.js LTS, Go, and essential tools. Uses isolated container networking.
localdevnet	`localdevnet`	`ghcr.io/gherlein/localdev:latest`	Same as `localdev` but runs with `--network host`, sharing the host's network stack directly. Use when the container needs to reach localhost services or LAN addresses.
localfull	`localfull`	`ghcr.io/gherlein/localfull:latest`	Full-featured container with Java 17, Atlassian CLI, multiple Node.js versions. Uses isolated container networking.

What's in localdev (default)

Debian Bookworm slim base (fast startup)
Node.js LTS only (via nvm)
Go toolchain with essential tools
Claude Code CLI, TypeScript, pnpm, eslint, prettier
No Java, no Atlassian CLI

What's in localfull

Eclipse Temurin 17 JDK base
Multiple Node.js versions (14, 18, LTS)
Full Go toolchain with all tools
Atlassian CLI (acli)
Marp CLI, mermaid-cli, Hugo, and more

Features

Core Environment

Security: Non-root user (developer) for best practices
Architecture Support: AMD64 and ARM64
USB Passthrough: Access to /dev/bus/usb for hardware development (Linux only, automatically disabled on macOS)

Language Support

Go (v1.25.0)

Full Go toolchain with proper GOPATH configuration
Development tools: goimports, godoc, gofumpt, govulncheck
Linters: golangci-lint, staticcheck
Debugging: Delve (dlv)
Code generation: wire, gomodifytags, impl, gotests
Mock generation: mockgen
Formatting: golines (optional, may fail on some architectures)

Node.js (via NVM)

localdev: Node.js LTS only
localfull: Node.js 14.16.0, 18.18.2, and LTS
Package managers: npm, pnpm
TypeScript with ts-node
Code quality: eslint, prettier
localfull only: webpack, esbuild, jest, vitest, nodemon, npm-check-updates

Python

Python 3 with pip
uv package manager
md2pdf tool

Java (localfull only)

Eclipse Temurin JDK 17 (base image, provides JVM for Atlassian CLI and other tools)

AI Assistants

Claude Code CLI (@anthropic-ai/claude-code)
- Global ~/.claude configuration is natively available inside the container
- Convenient alias: clauded (runs with --dangerously-skip-permissions)
- Alternative alias: copilotd (runs with --allow-all-tools)
GitHub Copilot CLI (@github/copilot)

Development Tools

Version Control: Git, GitHub CLI (gh)
Atlassian: Atlassian CLI (acli) - localfull only
Containerization: Podman with rootless configuration
Documentation: Marp CLI, mermaid-cli, md-to-pdf, pdf2md, Hugo - localfull only
Utilities: jq, tree, curl, build-essential, file, xxd, zip, unzip
Multimedia: ffmpeg, imagemagick, qpdf
Network: libpcap-dev
USB: usbutils, libusb-1.0, udev
Package Management: Homebrew - localfull only

Prerequisites

This project uses Podman instead of Docker for license compatibility and rootless container support.

Install Podman

# Ubuntu/Debian
sudo apt-get install podman

# Or use the Makefile
make pre

See podman.io for other platforms.

Configuring Podman Machine Memory (macOS)

On macOS, Podman runs inside a virtual machine. The default memory allocation (2GB) is insufficient for building this container, which includes memory-intensive Go tool compilations (particularly buf and protoc-gen-go).

Recommended: 16GB for optimal build performance. Adjust based on your host system's available RAM.

# Stop the Podman machine
podman machine stop

# Set memory to 16GB (16384 MB)
podman machine set --memory 16384

# Start the machine
podman machine start

# Verify the configuration
podman machine list

Guidelines for memory allocation:

16GB or less host RAM: Allocate 8GB (--memory 8192)
32GB or more host RAM: Allocate 16GB (--memory 16384) (recommended)
64GB or more host RAM: Allocate 24GB+ (--memory 24576) for maximum performance

If you encounter "signal: killed" errors during Go tool installations, your Podman machine memory is too low.

Building the Container Locally

Quick Build (Default Container)

make build

This builds the lightweight ghcr.io/gherlein/localdev:latest container with:

Memory limit: 16GB
Automatic architecture detection (amd64/arm64)
Pull latest base images

Build Full Container

make build-full

This builds the ghcr.io/gherlein/localfull:latest container with Java, Atlassian CLI, and additional tools.

Build Both Containers

make all

Build from Scratch (No Cache)

make no-cache           # Both containers
make no-cache-default   # Default container only
make no-cache-full      # Full container only

Backwards Compatibility Aliases

make default  # Same as 'make build'
make full     # Same as 'make build-full'

Manual Build

# Detect architecture
ARCH=$(uname -m)
if [ "$ARCH" = "x86_64" ]; then TARGETARCH=amd64; else TARGETARCH=arm64; fi

# Build default (lightweight) container
podman build -t ghcr.io/gherlein/localdev:latest --memory=16g --build-arg TARGETARCH=$TARGETARCH --pull .

# Build full container
podman build -t ghcr.io/gherlein/localfull:latest --memory=16g --build-arg TARGETARCH=$TARGETARCH --pull -f Containerfile.full .

Publishing to Container Registry

After building locally, you can publish the containers to GitHub Container Registry (ghcr.io).

Prerequisites for Publishing

Note: These instructions are for project contributors who need to publish container images. If you're just using the containers, skip to Pulling and Running on Another Host.

Authentication Requirements

You need:

Push permissions to the gherlein/localdev repository
Authentication to GitHub Container Registry with package write permissions

Authentication Method 1: Using GitHub CLI (Recommended)

If you already use gh CLI, this is the easiest method:

# Check if you're already authenticated
gh auth status

# Add package scopes to your existing token
gh auth refresh -s write:packages,read:packages

# This will open a browser - follow the prompts to authorize the additional scopes

After authorizing, login to ghcr.io:

# Login using your gh token
gh auth token | podman login ghcr.io -u gherlein --password-stdin

Verify the login:

podman login ghcr.io
# Should show: "Logged in to ghcr.io"

Authentication Method 2: Personal Access Token

If you don't use gh CLI or prefer a separate token:

Create a Personal Access Token (classic) at: https://github.com/settings/tokens/new
Give it a descriptive name (e.g., "localdev container publishing")
Select these scopes:
- ✅ write:packages - Upload packages to GitHub Package Registry
- ✅ read:packages - Download packages from GitHub Package Registry
Click "Generate token" and copy it immediately

Then login:

podman login ghcr.io -u gherlein
# When prompted for password, paste your Personal Access Token

Verifying Authentication

# Check stored credentials
cat ~/.config/containers/auth.json | grep ghcr.io

# Or verify you can pull (public images work without auth, but this confirms the credentials are valid)
podman pull ghcr.io/gherlein/localdev:latest

Publishing Commands

Once authenticated, you can publish containers:

# Publish latest (default)
make publish          # Publishes ghcr.io/gherlein/localdev:latest
make publish-full     # Publishes ghcr.io/gherlein/localfull:latest
make publish-all      # Publish both containers

# Publish with semantic version (recommended for releases)
make publish VERSION=v1.0.0          # Publishes both v1.0.0 and latest
make publish-full VERSION=v1.2.0     # Publishes both v1.2.0 and latest

Semantic Versioning:

When VERSION is specified (e.g., v1.0.0), the Makefile creates two tags: the version tag and latest
Both tags are pushed to the registry
Users can pin to specific versions (ghcr.io/gherlein/localdev:v1.0.0) or use latest
Follow semantic versioning: vMAJOR.MINOR.PATCH

Each publish command:

Builds the container if not already built (or if source changed)
Tags with specified VERSION (or latest if not specified)
If VERSION is not latest, also tags and pushes as latest
Pushes all tags to ghcr.io/gherlein/localdev or ghcr.io/gherlein/localfull
Makes the image available for others to pull

Note: Authentication credentials persist in ~/.config/containers/auth.json, so you only need to login once per machine.

Publishing Troubleshooting

403 Forbidden error:

Error: trying to reuse blob sha256:... received unexpected HTTP status: 403 Forbidden

This means authentication failed. Solutions:

Check you're logged in: podman login ghcr.io
Verify your token has write:packages scope
Try logging out and back in: podman logout ghcr.io && gh auth token | podman login ghcr.io -u gherlein --password-stdin

401 Unauthorized error:

Your token may have expired. Re-run the authentication steps above.

Image already exists:

If you need to republish the same version, the push should still work (it will reuse existing layers). If you get conflicts, you may need to delete the package version from GitHub and republish.

Release Workflow for Contributors

When creating a new release:

Update version-specific documentation (if any)

Build and test locally:

make build VERSION=v1.0.0
make run VERSION=v1.0.0
# Test the container thoroughly

Publish to registry:
```
make publish VERSION=v1.0.0
```

Create GitHub Release:

Go to https://github.com/gherlein/localdev/releases/new
Tag: v1.0.0
Title: Release v1.0.0

Description should include:

## Container Images

```bash
# Pull specific version
podman pull ghcr.io/gherlein/localdev:v1.0.0
podman pull ghcr.io/gherlein/localfull:v1.0.0

# Or pull latest
podman pull ghcr.io/gherlein/localdev:latest
podman pull ghcr.io/gherlein/localfull:latest

Changes

List of changes...

Verify on registry:
- Check https://github.com/gherlein/localdev/pkgs/container/localdev
- Verify both v1.0.0 and latest tags are visible

Inspecting Image Metadata

The containers include OCI annotations with standard metadata:

# View all labels/annotations
podman inspect ghcr.io/gherlein/localdev:latest | jq '.[0].Labels'

# View specific annotations
podman inspect ghcr.io/gherlein/localdev:latest | jq '.[0].Labels."org.opencontainers.image.source"'
podman inspect ghcr.io/gherlein/localdev:latest | jq '.[0].Labels."org.opencontainers.image.description"'

Pulling and Running on Another Host

You can pull and use the pre-built containers on any host without building locally.

Pull the Containers

# Pull latest version (default)
make pull
make pull-full

# Pull specific version
make pull VERSION=v1.0.0
make pull-full VERSION=v1.0.0

# Or manually with podman
podman pull ghcr.io/gherlein/localdev:latest
podman pull ghcr.io/gherlein/localfull:latest

# Pull specific version manually
podman pull ghcr.io/gherlein/localdev:v1.0.0
podman pull ghcr.io/gherlein/localfull:v1.0.0

Install Launcher Scripts on New Host

Method 1: One-Liner (Recommended)

# Download and install launcher scripts
curl -fsSL https://raw.githubusercontent.com/gherlein/localdev/main/install.sh | bash

# Pull container images
podman pull ghcr.io/gherlein/localdev:latest
podman pull ghcr.io/gherlein/localfull:latest  # optional

Method 2: Extract from Container

# Pull the image first
podman pull ghcr.io/gherlein/localdev:latest

# Extract scripts from container
podman run --rm -v ~/bin:/output ghcr.io/gherlein/localdev:latest \
  sh -c 'cp /opt/localdev/bin/* /output/ && chmod +x /output/*'

# Or use the Makefile (requires cloning repo)
git clone https://github.com/gherlein/localdev.git
cd localdev
make pull
make install-scripts

Method 3: Clone Repository

git clone https://github.com/gherlein/localdev.git
cd localdev
make pull          # Or: make build to build locally
make install

All methods install the launcher scripts (localdev, localdevnet, localfull) to ~/bin/.

Verify Installation:

# Check scripts are installed
which localdev

# Run
localdev

Quick Start on New Host (No Clone)

If you just want to run the container without the launcher scripts:

# Pull the image
podman pull ghcr.io/gherlein/localdev:latest

# Run directly
podman run --rm -it \
  --userns=keep-id \
  -v "$(pwd):/workspace" \
  -w /workspace \
  ghcr.io/gherlein/localdev:latest \
  bash

Using the Container

Launcher Scripts

Three scripts provide convenient access to the containers with automatic directory mounting and support for read-only external directories.

localdev - launches the lightweight container with isolated networking (default)
localdevnet - launches the same lightweight container with --network host, sharing the host's network stack; use this when the container needs to connect to services running on localhost or your LAN
localfull - launches the full-featured container (Java, Atlassian CLI, multiple Node versions) with isolated networking

Installation

# Copy all launchers to your bin directory
make install

# Or manually
cp localdev localdevnet localfull ~/bin/
chmod +x ~/bin/localdev ~/bin/localdevnet ~/bin/localfull

Basic Usage

# Run in current directory (isolated networking)
./localdev

# Run with host networking (reach localhost/LAN services)
./localdevnet

# Run full container (Java, Atlassian CLI, multiple Node versions)
./localfull

# Or if installed to ~/bin
localdev
localdevnet
localfull

This mounts your current working directory into the container at /<directory-name>.

First Run Performance

The first run of a new container will be noticeably slow (30-60+ seconds) due to:

User namespace setup: Podman's --userns=keep-id creates UID/GID mappings on first use
Overlay filesystem initialization: The container's layered filesystem requires initial setup
Device permission checks: USB passthrough (--device /dev/bus/usb) adds overhead

Subsequent runs are much faster as these mappings and caches persist between sessions.

Mount Architecture

The localdev script creates the following mount structure:

Container Filesystem
├── /<project-name>/        # Your current directory (read-write)
├── /home/developer/.claude/ # Host ~/.claude directory (read-write, native path)
│   ├── CLAUDE.md          # Global Claude instructions
│   ├── settings.json      # Claude settings
│   └── ...                # Other Claude configuration
└── /external/             # Additional read-only mounts
    ├── repo1/
    ├── repo2/
    └── ...

Global `.claude` Directory

The script automatically mounts your host's ~/.claude directory to the native home directory location inside the container:

Location: $HOME/.claude → /home/developer/.claude (i.e. ~/.claude inside the container)
Permissions: Read-write
Auto-create: The directory is created on the host if it doesn't exist
Native discovery: Claude Code natively reads from ~/.claude, so no special flags are needed

This enables:

Global CLAUDE.md instructions available in all projects
Persistent Claude settings across sessions
Shared slash commands and configurations

Mounting External Directories

The launchers mount additional directories under /external/<directory-name> inside the container. Directories are mounted read-only by default. Use -rw to mount a directory read-write.

Each launcher prints a summary of every mount before starting the container, and writes a ~/mounts file inside the container with the full host→container path mapping.

Mount Flags

Syntax	Effect
`./localdev /path/to/dir`	Mount read-only (default)
`./localdev -ro /path/to/dir`	Mount read-only (explicit)
`./localdev -rw /path/to/dir`	Mount read-write

Flags apply to the single path that immediately follows them. Multiple paths and flags may be mixed freely.

Method 1: Command Line Arguments

# Read-only (default) — same as before
./localdev /path/to/reference

# Explicit read-only
./localdev -ro /path/to/reference

# Read-write
./localdev -rw /path/to/shared-output

# Mixed: one read-only, one read-write
./localdev /path/to/reference -rw /path/to/shared-output

# Multiple paths
./localdev /path/to/repo1 /path/to/repo2 -rw /path/to/shared

Example output:

Mounting (read-only):  /home/user/reference-code -> /external/reference-code
Mounting (read-write): /home/user/shared-output -> /external/shared-output
Mounting (read-write): /home/user/.claude -> /home/developer/.claude
Mounting (read-write): /home/user/myproject -> /myproject (workspace)

Method 2: Environment Variable

Set LOCALDEV_MOUNTS with semicolon-separated entries. Prefix with rw: for read-write, or ro: / no prefix for read-only.

# Read-only entries (no prefix or ro: prefix)
export LOCALDEV_MOUNTS="/home/user/reference-code;ro:/home/user/docs"

# Read-write entry
export LOCALDEV_MOUNTS="rw:/home/user/shared-output"

# Mixed
export LOCALDEV_MOUNTS="/home/user/reference;rw:/home/user/shared-output"

./localdev

Combining Both Methods

export LOCALDEV_MOUNTS="/home/user/common-libs"
./localdev -rw /home/user/project-specific-output

The `~/mounts` File

After launching, a file at ~/mounts inside the container lists every external mount:

# localdev mount map
# HOST PATH -> CONTAINER PATH (mode)
/home/user/reference-code -> /external/reference-code (read-only)
/home/user/shared-output -> /external/shared-output (read-write)
/home/user/.claude -> /home/developer/.claude (read-write)

Requirements for External Mounts

Paths must be absolute (not relative)
Directories must exist and be readable
Invalid paths are skipped with warnings

Manual Container Usage

Simple Run

# Using Makefile (default container)
make run

# Full container
make run-full

# Or manually
podman run --rm -it -v "$(pwd):/workspace" ghcr.io/gherlein/localdev:latest bash      # default
podman run --rm -it -v "$(pwd):/workspace" ghcr.io/gherlein/localfull:latest bash     # full

Custom Mount Points

# Mount specific project directory
podman run --rm -it -v "/path/to/project:/workspace" ghcr.io/gherlein/localdev:latest bash

# Multiple mounts
podman run --rm -it \
  -v "$(pwd):/workspace" \
  -v "/path/to/libs:/libs:ro" \
  -v "$HOME/.claude:/home/developer/.claude:rw" \
  ghcr.io/gherlein/localdev:latest bash

Inside the Container

Using Claude Code

# Standard invocation (finds ~/.claude config natively)
claude

# With convenient alias (dangerous mode)
clauded

# Or full command
claude --dangerously-skip-permissions

# Alternative for copilot compatibility
copilotd

Note: Claude Code natively reads from ~/.claude, which is mounted from your host's ~/.claude directory. No special flags are needed.

Accessing External Mounts

If you mounted external directories using the localdev script:

# List external directories
ls -la /external/

# Access specific external directory
cd /external/reference-code
cat /external/docs/api-spec.md

Node.js Version Management (localfull only)

Multiple Node.js versions are only available in the localfull container:

# Switch Node.js versions
nvm use 14
nvm use 18
nvm use default  # LTS

# List installed versions
nvm list

Note: The default localdev container only includes Node.js LTS.

USB Device Access

The container includes USB passthrough for hardware development on Linux systems. USB passthrough is automatically disabled on macOS as /dev/bus/usb is not available on that platform.

# List USB devices (Linux only)
lsusb

# Access USB devices for development
# (requires appropriate permissions on host)

Note: On macOS, USB device access from within the container is not supported due to platform limitations.

Development Workflow Example

# Start container with external reference code
./localdev /home/user/api-reference

# Inside container
cd /myproject

# Your global CLAUDE.md is available
cat ~/.claude/CLAUDE.md

# Access external reference
cat /external/api-reference/examples/auth.go

# Use Claude to help with development
clauded

# Build and test
go build ./...
go test ./...
npm test

Security Considerations

Container Isolation

Filesystem: Only mounted directories are accessible
Network: Isolated container network (localdev, localfull) or host network (localdevnet)
User: Runs as non-root developer user (UID/GID 1000)
User Namespace: --userns=keep-id ensures files created in container have correct host ownership
Cleanup: Use --rm flag for automatic container removal

Read-Only Mounts

External directories mounted by the localdev script are read-only, preventing accidental modifications to reference code or shared libraries.

Host Protection

The container isolates AI assistants' file operations from your host system. Even in "dangerous mode," Claude can only affect files within mounted directories.

Best Practices

Only mount directories you need
Use read-only mounts (:ro) for reference materials
Review changes before committing from host
Don't mount sensitive directories like ~/.ssh unless necessary
Use version control for all work

Architecture

Directory Structure Inside Container

/
├── <project-name>/        # Dynamic working directory (your pwd)
├── home/developer/.claude/ # Global Claude configuration (from host ~/.claude)
│   ├── CLAUDE.md         # Global instructions
│   ├── settings.json     # Claude settings
│   └── commands/         # Custom slash commands
├── external/              # External read-only mounts (via localdev script)
│   ├── repo1/
│   ├── repo2/
│   └── ...
├── usr/local/go/          # Go installation
├── usr/local/nvm/         # Node.js version manager
├── home/developer/        # Developer user home
│   ├── go/               # GOPATH
│   │   ├── bin/
│   │   ├── pkg/
│   │   └── src/
│   └── .local/bin/       # uv and tools
└── home/linuxbrew/        # Homebrew installation

Environment Variables

The container sets up these key environment variables:

GOROOT=/usr/local/go
GOPATH=/home/developer/go
NVM_DIR=/usr/local/nvm
PATH includes:
  - /usr/local/go/bin
  - /home/developer/go/bin
  - /usr/local/nvm/versions/node/<version>/bin
  - /home/developer/.local/bin
  - /home/linuxbrew/.linuxbrew/bin

Podman Options Used

The localdev script runs the container with these options:

Option	Purpose
`--userns=keep-id`	Maps container user to host user for correct file ownership
`--device /dev/bus/usb`	Enables USB device passthrough (Linux only, automatically skipped on macOS)
`--group-add keep-groups`	Preserves host group memberships
`-e HOST_UID/HOST_GID`	Passes host user IDs for reference
`--network host`	(`localdevnet` only) Shares host network stack instead of isolated container network
`-v <path>:/external/<name>:ro`	External directory mounted read-only (default, or explicit `-ro` flag)
`-v <path>:/external/<name>:rw`	External directory mounted read-write (`-rw` flag)
`-v <tmpfile>:~/mounts:ro`	Host→container path map file, readable at `~/mounts` inside the container

Troubleshooting

Build Issues

Out of Memory (OOM) errors during build:

macOS users: The Podman machine needs sufficient memory. See Configuring Podman Machine Memory for setup instructions.
The Makefile sets --memory=16g for the build process
The default localdev container requires less memory than localfull
If you see "signal: killed" during Go tool installations when building localfull, increase Podman machine memory to 16GB
Symptoms include compilation failures for buf, protoc-gen-go, or other Go tools

Architecture detection fails:

Manually set TARGETARCH=amd64 or TARGETARCH=arm64

Runtime Issues

External mount not appearing:

Verify the path is absolute
Check the directory exists on host
Look for warning messages from the script

Permission denied errors:

Ensure mounted directories have appropriate read permissions
The container runs as UID/GID 1000
The --userns=keep-id option should map permissions correctly

Command not found inside container:

For npm packages: ensure nvm is loaded (. $NVM_DIR/nvm.sh)
For Go tools: check $GOPATH/bin is in PATH
The container's .bashrc should load these automatically

Claude global config not loading:

Verify ~/.claude exists on your host (the launcher auto-creates it)
Check the mount message when starting the container
Run ls ~/.claude inside the container to verify the mount

USB devices not accessible:

USB passthrough only works on Linux
On macOS, USB device access from containers is not supported
On Linux: ensure USB devices are connected before starting the container
On Linux: check host permissions on /dev/bus/usb
May require running podman with additional privileges on Linux

Supported Use Cases

This container is ideal for:

AI-assisted development with Claude Code or GitHub Copilot
Multi-language projects (Go + TypeScript/Node.js)
Safe experimentation with AI code generation
Isolated build and test environments
Cross-referencing multiple codebases safely
Hardware/USB development projects

Use localfull for:

Java/JVM development
Atlassian CLI integration (Jira, Confluence)
Documentation generation (Marp, Mermaid, Hugo)
Projects requiring multiple Node.js versions

License Considerations

This project uses Podman instead of Docker to avoid Docker Desktop licensing requirements for commercial use. Podman is fully open-source and compatible with Docker images and commands.

Contributing

When modifying the container:

Test builds on both AMD64 and ARM64 if possible
Keep memory-intensive operations batched (see npm installs)
Update this README with new features
Maintain the security-first approach

Name		Name	Last commit message	Last commit date
Latest commit History 94 Commits
.claude		.claude
.github/workflows		.github/workflows
.opencode		.opencode
docs		docs
.DS_Store		.DS_Store
.env		.env
.gitignore		.gitignore
CLAUDE.md		CLAUDE.md
Containerfile		Containerfile
Containerfile.full		Containerfile.full
LICENSE.txt		LICENSE.txt
Makefile		Makefile
README.md		README.md
docker-compose.yml		docker-compose.yml
docker-entrypoint.sh		docker-entrypoint.sh
install.sh		install.sh
localdev		localdev
localdevnet		localdevnet
localdevpull		localdevpull
localfull		localfull

Folders and files

Latest commit

History

Repository files navigation