
fix(.ai-dev): Ship-in-Docker operational fixes for autonomous /ship #2828

Draft
nick-inkeep wants to merge 1 commit into main from chore/ship-in-docker-fixes


@nick-inkeep
Collaborator

Summary

Fixes 10 operational issues in the .ai-dev/ Docker sandbox that prevented /ship from running autonomously inside containers. After these changes, /ship completes headlessly (exit 0, working code produced), and parallel multi-instance execution works.

What changed (6 files):

  1. Dockerfile — Fix ENV PATH, add tmux
  2. docker-compose.yml — CLAUDE_CODE_PLUGIN_SEED_DIR, CLAUDE_CODE_OAUTH_TOKEN, CLAUDE_PROJECT_DIR, TCP health check, service_healthy gate, memory 14G→20G
  3. entrypoint.sh — Full rewrite: seed-based enabledPlugins, git safe.directory, credential helper
  4. squid.conf — Add sentry, statsig, Google Fonts, anthropics path
  5. .npmrc (new) — supportedArchitectures for cross-platform native modules
  6. README.md — Headless launch, OAuth extraction, marketplace prereqs, monitoring

Key decisions

  • Plugin loading: CLAUDE_CODE_PLUGIN_SEED_DIR (official Anthropic mechanism)
  • Auth: OAuth token extractable from macOS Keychain + API key (both supported)
  • Health check: TCP port check (squidclient deprecated in Squid 7+)
  • Cross-platform modules: .npmrc supportedArchitectures (pnpm official)
  • Memory: 14G→20G (agents-api typecheck OOMs at 14G)

Marketplace prereq: Local directory marketplaces are symlinks that break in Docker. Copy before launching: cp -r ~/team-skills ~/.claude/plugins/marketplaces/inkeep-team-skills

Verification

15/15 QA scenarios pass. Full spec at specs/2026-03-24-ship-in-docker-fixes/SPEC.md.

🤖 Generated with Claude Code

Apply 10 validated fixes to the .ai-dev/ Docker sandbox enabling /ship
to run autonomously inside containers, including headless execution and
parallel multi-instance support.

Dockerfile:
- Fix ENV PATH: ~/.local/bin (actual Claude Code install location)
- Add tmux for detachable headless sessions

docker-compose.yml:
- Add CLAUDE_CODE_PLUGIN_SEED_DIR for official plugin loading
- Add CLAUDE_CODE_OAUTH_TOKEN for Max subscription auth
- Add CLAUDE_PROJECT_DIR for /ship stop hook path resolution
- Add TCP health check + service_healthy dependency
- Increase memory 14G → 20G (tsc OOMs at 14G)

entrypoint.sh:
- Full rewrite: remove 12GB plugin cp -r, replace with seed dir
- Add enabledPlugins auto-population from seed
- Add git safe.directory + credential helper

squid.conf:
- Add sentry, statsig, Google Fonts, anthropics path to allowlist

.npmrc (new):
- supportedArchitectures for cross-platform native modules

README.md:
- Headless /ship launch pattern + monitoring script
- OAuth token extraction from macOS Keychain
- Marketplace plugin copy prerequisite
- Parallel instance documentation
- WebSearch vs WebFetch behavior in Docker

Validated end-to-end: 15/15 QA scenarios pass. /ship completes
autonomously (exit 0) inside Docker containers.

Evidence: specs/2026-03-24-ship-in-docker-fixes/SPEC.md

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@vercel

vercel bot commented Mar 25, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| agents-api | Ready | Preview, Comment | Mar 25, 2026 6:09am |
| agents-docs | Ready | Preview, Comment | Mar 25, 2026 6:09am |
| agents-manage-ui | Ready | Preview, Comment | Mar 25, 2026 6:09am |


@changeset-bot

changeset-bot bot commented Mar 25, 2026

⚠️ No Changeset found

Latest commit: 5c64e67

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types


@itoqa

itoqa bot commented Mar 25, 2026

Ito Test Report ✅

19 test cases ran. 19 passed.

All 19 test cases passed with zero failures, indicating the repo’s sandbox/proxy startup, security controls, entrypoint behavior, Docker prerequisites, and README usability/documentation checks are all functioning as expected. Key validations included a TCP-based proxy healthcheck and service_healthy gating (without squidclient), correct auth/plugin environment and mounts, strict Squid allowlist/default-deny policy with constrained GitHub org path regexes for inkeep/anthropics plus new sentry/statsig/google ACLs, Dockerfile/.npmrc hardening for tmux/PATH/cross-platform native modules, token-gated git credential setup with safe plugin seeding logic, and clear, secret-safe, deterministic, deep-link-stable, and mobile-accessible README guidance.

✅ Passed (19)
| Category | Summary | Screenshot |
| --- | --- | --- |
| Adversarial | Explicit allowlist rules remain in place with terminal http_access deny all preserving default-deny egress. | ADV-1 |
| Adversarial | GitHub org ACL scope remains constrained to the inkeep and anthropics paths and is not trivially broadened. | ADV-2 |
| Adversarial | TC-ADV-3: Documentation examples use placeholder-style secrets only and do not expose real token literals. | ADV-3 |
| Adversarial | TC-ADV-4: Rapid anchor-jump and browser history stress behavior remained stable without broken section navigation. | ADV-4 |
| Adversarial | TC-ADV-6: Deep-link, refresh, and back/forward traversal preserved expected hash-to-section targeting. | ADV-6 |
| Edge | Confirmed plugin parsing is file-gated, avoiding failures when installed_plugins.json is missing (TC-EDGE-1). | EDGE-1 |
| Edge | Verified git credential helper commands remain absent when GITHUB_TOKEN is not set (TC-EDGE-2). | EDGE-2 |
| Edge | TC-EDGE-3: README clearly documents both Option A API key and Option B OAuth-token flows alongside compose build/run steps. | EDGE-3 |
| Edge | TC-EDGE-5: Parallel instance guidance is deterministic, with distinct project/workspace examples and explicit reuse of the same -p value. | EDGE-5 |
| Logic | (TC-LOGIC-1) Dockerfile includes tmux, uses /home/agent/.local/bin:${PATH}, and removes the legacy Claude binary path while keeping architecture declarations aligned. | LOGIC-1 |
| Logic | Verified deterministic startup flow in .ai-dev/entrypoint.sh with seed-dir plugin enablement and preserved exec path (TC-LOGIC-2). | LOGIC-2 |
| Logic | Confirmed safe.directory is always configured and credential helper logic is gated by GITHUB_TOKEN (TC-LOGIC-3). | LOGIC-3 |
| Logic | (TC-LOGIC-5) Root architecture matrix includes required os, cpu, and libc entries for cross-platform native module support. | LOGIC-5 |
| Happy-path | Required outbound sentry/statsig/google ACLs and matching allow rules are present in .ai-dev/squid.conf. | ROUTE-2 |
| Happy-path | GitHub and GitHubusercontent path ACL regexes are anchored to only the inkeep and anthropics org paths, with matching allow rules. | ROUTE-3 |
| Tcadv | TC-ADV-5 mobile and landscape README checks passed with reachable critical sections and accessible command snippets. | TCADV-5 |
| Tcedge | Verified TCP healthcheck implementation without squidclient dependency (source test: TC-EDGE-4). | TCEDGE-4 |
| Tclogic | Verified compose auth and plugin seed environment wiring (source test: TC-LOGIC-4). | TCLOGIC-4 |
| Tcroute | Verified compose proxy health gate and sandbox startup dependency (source test: TC-ROUTE-1). | TCROUTE-1 |

Commit: 5c64e67
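
The report above checks that squid.conf ends in a terminal `http_access deny all` and that the GitHub org path regexes stay anchored. The following is an added example, not code from this PR or from Ito, showing that kind of check as a small Python lint. Both sample configs, the ACL names and the `lint_squid` function are constructed for illustration, and the regex checks are heuristics.

```python
# Constructed sample policies for illustration; neither is the PR's squid.conf.
GOOD = r"""
acl anthropic dstdomain api.anthropic.com
acl sentry dstdomain .sentry.io
acl gh_orgs url_regex ^https://github\.com/(inkeep|anthropics)/
http_access allow anthropic
http_access allow sentry
http_access allow gh_orgs
http_access deny all
"""
BAD = r"""
acl gh_orgs url_regex github\.com/inkeep
http_access allow gh_orgs
http_access allow all
"""

REGEX_ACL_TYPES = {"url_regex", "urlpath_regex"}


def lint_squid(conf: str) -> list[str]:
    """Return findings that weaken a default-deny egress allowlist."""
    acls, rules = {}, []  # acl name -> [(type, value)], [(action, [acl names])]
    for raw in conf.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "acl" and len(parts) >= 4:
            values = [v for v in parts[3:] if not v.startswith("-")]  # skip flags like -i
            acls.setdefault(parts[1], []).extend((parts[2], v) for v in values)
        elif parts[0] == "http_access" and len(parts) >= 3:
            rules.append((parts[1], parts[2:]))

    findings = []
    # Squid evaluates http_access top-down; the last rule must be the catch-all deny.
    if not rules or rules[-1] != ("deny", ["all"]):
        findings.append("last http_access rule is not 'deny all'")
    if any(action == "allow" and names == ["all"] for action, names in rules):
        findings.append("'http_access allow all' bypasses the allowlist")
    for name, entries in acls.items():
        for acl_type, value in entries:
            if acl_type not in REGEX_ACL_TYPES:
                continue
            if not value.startswith("^"):  # unanchored: matches anywhere in the URL
                findings.append(f"acl {name}: regex is not anchored with ^")
            if not value.endswith(("/", "$")):  # 'inkeep' would also match 'inkeep-x'
                findings.append(f"acl {name}: regex does not close the path segment")
    return findings
```

Run in CI against the real config, a non-empty result from `lint_squid` can fail the build before a broadened rule reaches the sandbox.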
