forked from claude-did-this/claude-hub
a71cdcad40
This comprehensive update adds support for Claude Max subscription authentication and improves the overall authentication system with multiple methods: 🔐 Claude Authentication Enhancements: - Add setup container method for Claude Max/20x subscription usage ($20-200/month) - Create interactive authentication script (setup-claude-interactive.sh) - Add authentication testing utility (test-claude-auth.sh) - Support three authentication methods: Setup Container, API Key, AWS Bedrock - Comprehensive authentication documentation 📁 Directory Configuration: - Add CLAUDE_HUB_DIR environment variable (default: ~/.claude-hub) - Update .gitignore to use .claude-hub/ instead of hardcoded paths - Consistent environment variable usage across all scripts 🐙 GitHub Token Support: - Add fine-grained GitHub token support (github_pat_) alongside classic tokens (ghp_) - Update token validation in claudeService and githubService - Enhanced token detection and authentication flow 📖 Documentation & Guides: - Add complete Claude Authentication Guide with all three methods - Add Setup Container Deep Dive documentation - Update CLAUDE.md with quick start authentication section - Comprehensive cost comparison and use case recommendations 🐳 Container & Docker Improvements: - Update Dockerfile.claudecode with proper entrypoint script copying - Add Dockerfile.claude-setup for interactive authentication - Update docker-compose.yml with new port (3003) and environment variables - Enhanced container volume mounting for authentication 🔧 Infrastructure Updates: - Add TRUST_PROXY configuration for reverse proxy environments - Update port configuration from 3002 to 3003 - Enhanced environment variable documentation in .env.example - Debug utilities for troubleshooting authentication issues This update enables Claude Max subscribers to use their existing subscriptions for automation, potentially saving thousands in API costs while maintaining full production capabilities. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
Claude GitHub Webhook
Deploy Claude Code as a fully autonomous GitHub bot. Create your own bot account, mention it in any issue or PR, and watch AI-powered development happen end-to-end. Claude can implement complete features, review code, merge PRs, wait for CI builds, and run for hours autonomously until tasks are completed. Production-ready microservice with container isolation, automated workflows, and intelligent project management.
What This Does
# In any GitHub issue or PR (using your configured bot account):
@YourBotName implement user authentication with OAuth
@YourBotName review this PR for security vulnerabilities
@YourBotName fix the failing CI tests and merge when ready
@YourBotName refactor the database layer for better performance
Claude autonomously handles complete development workflows. It analyzes your entire repository, implements features from scratch, conducts thorough code reviews, manages pull requests, monitors CI/CD pipelines, and responds to automated feedback - all without human intervention. No context switching. No manual oversight required. Just seamless autonomous development where you work.
Autonomous Workflow Capabilities
End-to-End Development 🚀
- Feature Implementation: From requirements to fully tested, production-ready code
- Code Review & Quality: Comprehensive analysis including security, performance, and best practices
- PR Lifecycle Management: Creates branches, commits changes, pushes code, and manages merge process
- CI/CD Monitoring: Actively waits for builds, analyzes test results, and fixes failures
- Automated Code Response: Responds to automated review comments and adapts based on feedback
Intelligent Task Management 🧠
- Multi-hour Operations: Continues working autonomously until complex tasks are 100% complete
- Dependency Resolution: Handles blockers, waits for external processes, and resumes work automatically
- Context Preservation: Maintains project state and progress across long-running operations
- Adaptive Problem Solving: Iterates on solutions based on test results and code review feedback
Key Features
Autonomous Development 🤖
- Complete Feature Implementation: Claude codes entire features from requirements to deployment
- Intelligent PR Management: Automatically creates, reviews, and merges pull requests
- CI/CD Integration: Waits for builds, responds to test failures, and handles automated workflows
- Long-running Tasks: Operates autonomously for hours until complex projects are completed
- Auto-labeling: New issues automatically tagged by content analysis
- Context-aware: Claude understands your entire repository structure and development patterns
- Stateless execution: Each request runs in isolated Docker containers
Performance Architecture ⚡
- Parallel test execution with strategic runner distribution
- Conditional Docker builds (only when code changes)
- Repository caching for sub-second response times
- Advanced build profiling with timing metrics
Enterprise Security 🔒
- Webhook signature verification (HMAC-SHA256)
- AWS IAM role-based authentication
- Pre-commit credential scanning
- Container isolation with minimal permissions
- Fine-grained GitHub token scoping
Quick Start
Option 1: Docker Image (Recommended)
# Pull the latest image
docker pull intelligenceassist/claude-hub:latest
# Run with environment variables
docker run -d \
--name claude-webhook \
-p 8082:3002 \
-v /var/run/docker.sock:/var/run/docker.sock \
-e GITHUB_TOKEN=your_github_token \
-e GITHUB_WEBHOOK_SECRET=your_webhook_secret \
-e ANTHROPIC_API_KEY=your_anthropic_key \
-e BOT_USERNAME=@YourBotName \
-e AUTHORIZED_USERS=user1,user2 \
intelligenceassist/claude-hub:latest
# Or use Docker Compose
wget https://raw.githubusercontent.com/intelligence-assist/claude-hub/main/docker-compose.yml
docker compose up -d
Option 2: From Source
# Clone and setup
git clone https://github.com/intelligence-assist/claude-hub.git
cd claude-hub
./scripts/setup/setup-secure-credentials.sh
# Launch with Docker Compose
docker compose up -d
Service runs on http://localhost:8082 by default.
Bot Account Setup
Current Setup: You need to create your own GitHub bot account:
- Create a dedicated GitHub account for your bot (e.g.,
MyProjectBot) - Generate a Personal Access Token with repository permissions
- Configure the bot username in your environment variables
- Add the bot account as a collaborator to your repositories
Future Release: We plan to release this as a GitHub App that provides a universal bot account, eliminating the need for individual bot setup while maintaining the same functionality for self-hosted instances.
Production Deployment
1. Environment Configuration
# Core settings
BOT_USERNAME=YourBotName # GitHub bot account username (create your own bot account)
GITHUB_WEBHOOK_SECRET=<generated> # Webhook validation
GITHUB_TOKEN=<fine-grained-pat> # Repository access (from your bot account)
# AWS Bedrock (recommended)
AWS_REGION=us-east-1
ANTHROPIC_MODEL=anthropic.claude-3-sonnet-20240229-v1:0
CLAUDE_CODE_USE_BEDROCK=1
# Security
AUTHORIZED_USERS=user1,user2,user3 # Allowed GitHub usernames
CLAUDE_API_AUTH_REQUIRED=1 # Enable API authentication
2. GitHub Webhook Setup
- Navigate to Repository → Settings → Webhooks
- Add webhook:
- Payload URL:
https://your-domain.com/api/webhooks/github - Content type:
application/json - Secret: Your
GITHUB_WEBHOOK_SECRET - Events: Select "Send me everything"
- Payload URL:
3. AWS Authentication Options
# Option 1: IAM Instance Profile (EC2)
# Automatically uses instance metadata
# Option 2: ECS Task Role
# Automatically uses container credentials
# Option 3: AWS Profile
./scripts/aws/setup-aws-profiles.sh
# Option 4: Static Credentials (not recommended)
AWS_ACCESS_KEY_ID=xxx
AWS_SECRET_ACCESS_KEY=xxx
Advanced Usage
Direct API Access
Integrate Claude without GitHub webhooks:
curl -X POST http://localhost:8082/api/claude \
-H "Content-Type: application/json" \
-d '{
"repoFullName": "owner/repo",
"command": "Analyze security vulnerabilities",
"authToken": "your-token",
"useContainer": true
}'
CLI Tool
# Basic usage
./cli/claude-webhook myrepo "Review the authentication flow"
# PR review
./cli/claude-webhook owner/repo "Review this PR" -p -b feature-branch
# Specific issue
./cli/claude-webhook myrepo "Fix this bug" -i 42
Container Execution Modes
Different operations use tailored security profiles for autonomous execution:
- Auto-tagging: Minimal permissions (Read + GitHub tools only)
- PR Reviews: Standard permissions (full tool access with automated merge capabilities)
- Feature Development: Full development permissions (code editing, testing, CI monitoring)
- Long-running Tasks: Extended container lifetime with checkpoint/resume functionality
- Custom Commands: Configurable via
--allowedToolsflag
Architecture Deep Dive
Autonomous Request Flow
GitHub Event → Webhook Endpoint → Signature Verification
↓ ↓
Container Spawn ← Command Parser ← Event Processor
↓
Claude Analysis → Feature Implementation → Testing & CI
↓ ↓ ↓
GitHub API ← Code Review ← PR Management ← Build Monitoring
↓
Autonomous Merge/Deploy → Task Completion
Autonomous Container Lifecycle
- Spawn: New Docker container per request with extended lifetime for long tasks
- Clone: Repository fetched (or cache hit) with full development setup
- Execute: Claude implements features, runs tests, monitors CI, handles feedback autonomously
- Iterate: Continuous development cycle until task completion
- Deploy: Results pushed, PRs merged, tasks marked complete
- Cleanup: Container destroyed after successful task completion
Security Layers
- Network: Webhook signature validation
- Authentication: GitHub user allowlist
- Authorization: Fine-grained token permissions
- Execution: Container isolation
- Tools: Operation-specific allowlists
Performance Tuning
Repository Caching
REPO_CACHE_DIR=/cache/repos
REPO_CACHE_MAX_AGE_MS=3600000 # 1 hour
Container Optimization
CONTAINER_LIFETIME_MS=7200000 # 2 hour timeout
CLAUDE_CONTAINER_IMAGE=claudecode:latest
CI/CD Pipeline
- Parallel Jest test execution
- Docker layer caching
- Conditional image builds
- Self-hosted runners for heavy operations
Monitoring & Debugging
Health Check
curl http://localhost:8082/health
Logs
docker compose logs -f webhook
Test Suite
npm test # All tests
npm run test:unit # Unit only
npm run test:integration # Integration only
npm run test:coverage # With coverage report
Debug Mode
DEBUG=claude:* npm run dev
Documentation
- Complete Workflow - End-to-end technical guide
- Container Setup - Docker configuration details
- AWS Best Practices - IAM and credential management
- GitHub Integration - Webhook events and permissions
- Scripts Reference - Utility scripts documentation
Contributing
Development Setup
# Install dependencies
npm install
# Setup pre-commit hooks
./scripts/setup/setup-precommit.sh
# Run in dev mode
npm run dev
Code Standards
- Node.js 20+ with async/await patterns
- Jest for testing with >80% coverage target
- ESLint + Prettier for code formatting
- Conventional commits for version management
Security Checklist
- No hardcoded credentials
- All inputs sanitized
- Webhook signatures verified
- Container permissions minimal
- Logs redact sensitive data
Troubleshooting
Common Issues
Webhook not responding
- Verify signature secret matches
- Check GitHub token permissions
- Confirm webhook URL is accessible
Claude timeouts
- Increase
CONTAINER_LIFETIME_MS - Check AWS Bedrock quotas
- Verify network connectivity
Permission denied
- Confirm user in
AUTHORIZED_USERS - Check GitHub token scopes
- Verify AWS IAM permissions
Support
- Report issues: GitHub Issues
- Detailed troubleshooting: Complete Workflow Guide
License
MIT - See the LICENSE file for details.