disinto-admin/disinto
1
0
Fork 0
Code Issues 25 Pull requests 1 Projects Releases Packages Wiki Activity Actions

fix: vision(#623): Claude identity isolation for disinto-chat (#707)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details
ci/woodpecker/pr/smoke-init Pipeline was successful
Details

Browse source
This commit is contained in:
Claude 2026-04-12 01:50:23 +00:00
parent cf4e9983c2
commit a15f0763b7
4 changed files with 171 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

9
docker/chat/Dockerfile
View file

@ -15,7 +15,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
python3 \
&& rm -rf /var/lib/apt/lists/*
# Non-root user — fixed UID 10001 for sandbox hardening (#706)
# Non-root user — fixed UID 10001 for sandbox hardening (#706, #707)
RUN useradd -m -u 10001 -s /bin/bash chat
# Copy application files
@ -25,9 +25,16 @@ COPY ui/ /var/chat/ui/
RUN chmod +x /entrypoint-chat.sh /usr/local/bin/server.py
# Create and set ownership of chat identity directory for #707
RUN install -d -m 0700 /home/chat/.claude-chat/config/credentials \
&& chown -R chat:chat /home/chat/.claude-chat
USER chat
WORKDIR /var/chat
# Declare volume for chat identity — mounted from host at runtime (#707)
VOLUME /home/chat/.claude-chat
EXPOSE 8080
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
CMD python3 -c "import urllib.request; urllib.request.urlopen('http://localhost:8080/')" || exit 1