wylab/claude-hub
1
0
Fork 0
forked from claude-did-this/claude-hub
Code Issues 1 Pull Requests Activity
Files
be941b21494354bef6600a3fafedc74264788a95
claude-hub/scripts/runtime/claudecode-entrypoint.sh
Cheffromspace be941b2149 feat: Implement Claude orchestration with session management (#176) 
* feat: Implement Claude orchestration with session management

- Add CLAUDE_WEBHOOK_SECRET for webhook authentication
- Fix Docker volume mounting for Claude credentials
- Capture Claude's internal session ID from stream-json output
- Update entrypoint script to support OUTPUT_FORMAT=stream-json
- Fix environment variable naming (REPOSITORY -> REPO_FULL_NAME)
- Enable parallel session execution with proper authentication
- Successfully tested creating PRs via orchestrated sessions

This enables the webhook to create and manage Claude Code sessions that can:
- Clone repositories
- Create feature branches
- Implement code changes
- Commit and push changes
- Create pull requests

All while capturing Claude's internal session ID for potential resumption.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* fix: Update SessionManager tests for new implementation

- Update test to expect docker volume create instead of docker create
- Add unref() method to mock process objects to fix test environment error
- Update spawn expectations to match new docker run implementation
- Fix tests for both startSession and queueSession methods

Tests now pass in CI environment.

---------

Co-authored-by: Claude <noreply@anthropic.com>
2025-06-03 19:59:55 -05:00

190 lines
8.0 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
set -e
# Unified entrypoint for Claude Code operations
# Handles both auto-tagging (minimal tools) and general operations (full tools)
# Operation type is controlled by OPERATION_TYPE environment variable
# Initialize firewall - must be done as root
# Temporarily disabled to test Claude Code
# /usr/local/bin/init-firewall.sh
# Environment variables (passed from service)
# Simply reference the variables directly - no need to reassign
# They are already available in the environment
# Ensure workspace directory exists and has proper permissions
mkdir -p /workspace
chown -R node:node /workspace
# Set up Claude authentication by syncing from captured auth directory
if [ -d "/home/node/.claude" ]; then
echo "Setting up Claude authentication from mounted auth directory..." >&2
# Create a writable copy of Claude configuration in workspace
CLAUDE_WORK_DIR="/workspace/.claude"
mkdir -p "$CLAUDE_WORK_DIR"
echo "DEBUG: Source auth directory contents:" >&2
ls -la /home/node/.claude/ >&2 || echo "DEBUG: Source auth directory not accessible" >&2
# Sync entire auth directory to writable location (including database files, project state, etc.)
if command -v rsync >/dev/null 2>&1; then
rsync -av /home/node/.claude/ "$CLAUDE_WORK_DIR/" 2>/dev/null || echo "rsync failed, trying cp" >&2
else
# Fallback to cp with comprehensive copying
cp -r /home/node/.claude/* "$CLAUDE_WORK_DIR/" 2>/dev/null || true
cp -r /home/node/.claude/.* "$CLAUDE_WORK_DIR/" 2>/dev/null || true
fi
echo "DEBUG: Working directory contents after sync:" >&2
ls -la "$CLAUDE_WORK_DIR/" >&2 || echo "DEBUG: Working directory not accessible" >&2
# Set proper ownership and permissions for the node user
chown -R node:node "$CLAUDE_WORK_DIR"
chmod 600 "$CLAUDE_WORK_DIR"/.credentials.json 2>/dev/null || true
chmod 755 "$CLAUDE_WORK_DIR" 2>/dev/null || true
echo "DEBUG: Final permissions check:" >&2
ls -la "$CLAUDE_WORK_DIR/.credentials.json" >&2 || echo "DEBUG: .credentials.json not found" >&2
echo "Claude authentication directory synced to $CLAUDE_WORK_DIR" >&2
else
echo "WARNING: No Claude authentication source found at /home/node/.claude." >&2
fi
# Configure GitHub authentication
if [ -n "${GITHUB_TOKEN}" ]; then
export GH_TOKEN="${GITHUB_TOKEN}"
echo "${GITHUB_TOKEN}" | sudo -u node gh auth login --with-token
sudo -u node gh auth setup-git
else
echo "No GitHub token provided, skipping GitHub authentication"
fi
# Clone the repository as node user
if [ -n "${GITHUB_TOKEN}" ] && [ -n "${REPO_FULL_NAME}" ]; then
echo "Cloning repository ${REPO_FULL_NAME}..." >&2
sudo -u node git clone "https://x-access-token:${GITHUB_TOKEN}@github.com/${REPO_FULL_NAME}.git" /workspace/repo >&2
cd /workspace/repo
else
echo "Skipping repository clone - missing GitHub token or repository name" >&2
cd /workspace
fi
# Checkout the correct branch based on operation type
if [ "${OPERATION_TYPE}" = "auto-tagging" ]; then
# Auto-tagging always uses main branch (doesn't need specific branches)
echo "Using main branch for auto-tagging" >&2
sudo -u node git checkout main >&2 || sudo -u node git checkout master >&2
elif [ "${IS_PULL_REQUEST}" = "true" ] && [ -n "${BRANCH_NAME}" ]; then
echo "Checking out PR branch: ${BRANCH_NAME}" >&2
sudo -u node git checkout "${BRANCH_NAME}" >&2
else
echo "Using main branch" >&2
sudo -u node git checkout main >&2 || sudo -u node git checkout master >&2
fi
# Configure git for commits using environment variables (with defaults)
sudo -u node git config --global user.email "${BOT_EMAIL:-claude@example.com}"
sudo -u node git config --global user.name "${BOT_USERNAME:-ClaudeBot}"
# Configure Claude authentication
# Support both API key and interactive auth methods
echo "DEBUG: Checking authentication options..." >&2
echo "DEBUG: ANTHROPIC_API_KEY set: $([ -n "${ANTHROPIC_API_KEY}" ] && echo 'YES' || echo 'NO')" >&2
echo "DEBUG: /workspace/.claude/.credentials.json exists: $([ -f "/workspace/.claude/.credentials.json" ] && echo 'YES' || echo 'NO')" >&2
echo "DEBUG: /workspace/.claude contents:" >&2
ls -la /workspace/.claude/ >&2 || echo "DEBUG: /workspace/.claude directory not found" >&2
if [ -n "${ANTHROPIC_API_KEY}" ]; then
echo "Using Anthropic API key for authentication..." >&2
export ANTHROPIC_API_KEY="${ANTHROPIC_API_KEY}"
elif [ -f "/workspace/.claude/.credentials.json" ]; then
echo "Using Claude interactive authentication from working directory..." >&2
# No need to set ANTHROPIC_API_KEY - Claude CLI will use the credentials file
# Set HOME to point to our working directory for Claude CLI
export CLAUDE_HOME="/workspace/.claude"
echo "DEBUG: Set CLAUDE_HOME to $CLAUDE_HOME" >&2
else
echo "WARNING: No Claude authentication found. Please set ANTHROPIC_API_KEY or ensure ~/.claude is mounted." >&2
fi
# Create response file with proper permissions
RESPONSE_FILE="/workspace/response.txt"
touch "${RESPONSE_FILE}"
chown node:node "${RESPONSE_FILE}"
# Determine allowed tools based on operation type
if [ "${OPERATION_TYPE}" = "auto-tagging" ]; then
ALLOWED_TOOLS="Read,GitHub,Bash(gh issue edit:*),Bash(gh issue view:*),Bash(gh label list:*)" # Minimal tools for auto-tagging (security)
echo "Running Claude Code for auto-tagging with minimal tools..." >&2
elif [ "${OPERATION_TYPE}" = "pr-review" ] || [ "${OPERATION_TYPE}" = "manual-pr-review" ]; then
# PR Review: Broad research access + controlled write access
# Read access: Full file system, git history, GitHub data
# Write access: GitHub comments/reviews, PR labels, but no file deletion/modification
ALLOWED_TOOLS="Read,GitHub,Bash(gh:*),Bash(git log:*),Bash(git show:*),Bash(git diff:*),Bash(git blame:*),Bash(find:*),Bash(grep:*),Bash(rg:*),Bash(cat:*),Bash(head:*),Bash(tail:*),Bash(ls:*),Bash(tree:*)"
echo "Running Claude Code for PR review with broad research access..." >&2
else
ALLOWED_TOOLS="Bash,Create,Edit,Read,Write,GitHub" # Full tools for general operations
echo "Running Claude Code with full tool access..." >&2
fi
# Check if command exists
if [ -z "${COMMAND}" ]; then
echo "ERROR: No command provided. COMMAND environment variable is empty." | tee -a "${RESPONSE_FILE}" >&2
exit 1
fi
# Log the command length for debugging
echo "Command length: ${#COMMAND}" >&2
# Run Claude Code with proper HOME environment
# If we synced Claude auth to workspace, use workspace as HOME
if [ -f "/workspace/.claude/.credentials.json" ]; then
CLAUDE_USER_HOME="/workspace"
echo "DEBUG: Using /workspace as HOME for Claude CLI (synced auth)" >&2
else
CLAUDE_USER_HOME="${CLAUDE_HOME:-/home/node}"
echo "DEBUG: Using $CLAUDE_USER_HOME as HOME for Claude CLI (fallback)" >&2
fi
if [ "${OUTPUT_FORMAT}" = "stream-json" ]; then
# For stream-json, output directly to stdout for real-time processing
exec sudo -u node -E env \
HOME="$CLAUDE_USER_HOME" \
PATH="/usr/local/bin:/usr/local/share/npm-global/bin:$PATH" \
ANTHROPIC_API_KEY="${ANTHROPIC_API_KEY}" \
GH_TOKEN="${GITHUB_TOKEN}" \
GITHUB_TOKEN="${GITHUB_TOKEN}" \
BASH_DEFAULT_TIMEOUT_MS="${BASH_DEFAULT_TIMEOUT_MS}" \
BASH_MAX_TIMEOUT_MS="${BASH_MAX_TIMEOUT_MS}" \
/usr/local/share/npm-global/bin/claude \
--allowedTools "${ALLOWED_TOOLS}" \
--output-format stream-json \
--verbose \
--print "${COMMAND}"
else
# Default behavior - write to file
sudo -u node -E env \
HOME="$CLAUDE_USER_HOME" \
PATH="/usr/local/bin:/usr/local/share/npm-global/bin:$PATH" \
ANTHROPIC_API_KEY="${ANTHROPIC_API_KEY}" \
GH_TOKEN="${GITHUB_TOKEN}" \
GITHUB_TOKEN="${GITHUB_TOKEN}" \
BASH_DEFAULT_TIMEOUT_MS="${BASH_DEFAULT_TIMEOUT_MS}" \
BASH_MAX_TIMEOUT_MS="${BASH_MAX_TIMEOUT_MS}" \
/usr/local/share/npm-global/bin/claude \
--allowedTools "${ALLOWED_TOOLS}" \
--verbose \
--print "${COMMAND}" \
> "${RESPONSE_FILE}" 2>&1
fi
# Check for errors
if [ $? -ne 0 ]; then
echo "ERROR: Claude Code execution failed. See logs for details." | tee -a "${RESPONSE_FILE}" >&2
fi
# Output the response
cat "${RESPONSE_FILE}"
Reference in New Issue View Git Blame Copy Permalink