feat: Added separate feature with readonly mounts for common Claude configs #25
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| # Using Claude Code Mounts in devcontainers | ||
|
|
||
| ## Requirements | ||
|
|
||
| This feature requires: | ||
|
|
||
| 1. The Claude Code CLI to be installed (use the `claude-code` feature first) | ||
| 2. Claude Code configuration files to exist on your host machine at `~/.claude/` | ||
| 3. HOME environment variable to be properly set on the host system | ||
|
|
||
| Note: On Windows, ensure the HOME environment variable is set (e.g. using "Edit user environment variables" in the system settings). | ||
|
|
||
| ## Recommended configuration | ||
|
|
||
| For most setups, we recommend using this feature together with the main Claude Code feature: | ||
|
|
||
| ```json | ||
| "features": { | ||
| "ghcr.io/devcontainers/features/node:1": {}, | ||
| "ghcr.io/anthropics/devcontainer-features/claude-code:1": {}, | ||
| "ghcr.io/anthropics/devcontainer-features/claude-code-mounts:1": {} | ||
| } | ||
| ``` | ||
|
|
||
| ## What gets mounted | ||
|
|
||
| This feature mounts the following Claude Code configuration files and directories from your host machine: | ||
|
|
||
| - `~/.claude/CLAUDE.md` - Global project instructions (read-only) | ||
| - `~/.claude/settings.json` - Claude Code configuration (read-only) | ||
| - `~/.claude/agents/` - Custom agent configurations (read-only) | ||
| - `~/.claude/commands/` - Custom command definitions (read-only) | ||
| - `~/.claude/hooks/` - Event-driven shell commands (read-only) | ||
|
|
||
| All mounts are read-only to prevent accidental modification from within the container. | ||
|
|
||
| ## Installation order | ||
|
|
||
| This feature uses `installsAfter` to ensure it runs after: | ||
| 1. Node.js feature (if used) | ||
| 2. Claude Code feature | ||
|
|
||
| This ensures the Claude Code CLI is available before mounting configuration files. | ||
|
|
||
| ## Troubleshooting | ||
|
|
||
| ### Errors when building the dev container | ||
|
|
||
| - Ensure that mounted files and directories exist on host machine | ||
| - Check that the HOME environment variable is set correctly | ||
| - Ensure the devcontainer has been rebuilt after adding this feature | ||
|
|
||
| ### Permission issues | ||
|
|
||
| - All mounts are read-only by design | ||
| - If you need to modify configuration, do so on the host machine and restart the container | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| { | ||
| "name": "Claude Code CLI Mounts", | ||
| "id": "claude-code-mounts", | ||
| "version": "1.0.5", | ||
| "description": "Mounts the directories and files required for Claude Code", | ||
| "options": {}, | ||
| "documentationURL": "https://github.com/anthropics/devcontainer-features/tree/main/src/claude-code", | ||
| "licenseURL": "https://github.com/anthropics/devcontainer-features/blob/main/LICENSE", | ||
| "installsAfter": [ | ||
| "ghcr.io/devcontainers/features/node:1", | ||
| "ghcr.io/anthropics/devcontainer-features/claude-code:1" | ||
| ], | ||
| "mounts": [ | ||
| "source=${localEnv:HOME}/.claude/CLAUDE.md,target=/home/vscode/.claude/CLAUDE.md,type=bind,ro", | ||
|
There was a problem hiding this comment. Wouldn't it be enough one line with
Btw, shouldn't it be There was a problem hiding this comment. in the claude-code repo there is a reference implementation, see these lines, maybe it helps: There was a problem hiding this comment. If the simple solution worked, it would be in this PR. Unfortunately it does not, because of following issues: anthropics/claude-code#4478 Readonly mounts specifically address the security concern of escaping the devcontainer sandbox via prompt injection, which is stated in PR description There was a problem hiding this comment. Thanks for the clarification! One more question: if it is always read-only, how do you set the credentials the first time? There was a problem hiding this comment. Credentials are not included, as I haven't figured out a way to make it work - including There was a problem hiding this comment. I believe you also need the There was a problem hiding this comment. I think this is the minimal {
"numStartups": 1,
"userID": "...",
"projects": {},
"oauthAccount": {
"accountUuid": "...",
"emailAddress": "...",
"organizationUuid": "..."
},
"hasCompletedOnboarding": true
}There was a problem hiding this comment.
I wondering how such attack would work? There was a problem hiding this comment.
One such vulnerability was recently patched by GitHub, for example: https://embracethered.com/blog/posts/2025/github-copilot-remote-code-execution-via-prompt-injection/ There was a problem hiding this comment. did you give a try to the minimal |
||
| "source=${localEnv:HOME}/.claude/settings.json,target=/home/vscode/.claude/settings.json,type=bind,ro", | ||
| "source=${localEnv:HOME}/.claude/agents,target=/home/vscode/.claude/agents,type=bind,ro", | ||
| "source=${localEnv:HOME}/.claude/commands,target=/home/vscode/.claude/commands,type=bind,ro", | ||
| "source=${localEnv:HOME}/.claude/hooks,target=/home/vscode/.claude/hooks,type=bind,ro" | ||
| ] | ||
| } | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| #!/bin/sh | ||
| set -eu | ||
|
|
||
| echo "Activating feature 'claude-code-mounts'" | ||
|
|
||
| mkdir -p $_REMOTE_USER_HOME/.claude | ||
| chown $_REMOTE_USER:$_REMOTE_USER $_REMOTE_USER_HOME/.claude |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In a github codespaces this is not possible (as far as I know), and this was my main motivation to use a devcontainer features. This use case most be consider here.
Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This feature is designed to be enabled in machine configuration rather than in project itself - on workstations, remote devboxes, CI agents etc.
For Codespaces, "host" configuration is ephemeral anyway and it does not make sense to mount it - so you just don't need this feature there
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would like to persist the claude configuration after rebuilds, so in this case I believe it is ok if the mounts are
rw. Thanks for the explanations, I see the issues now more clearly in a machine configuration.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Then I believe you are not the target audience of this feature. This is specifically for devcontainers on developer/CI machines, which can contain common secure state, including Claude configs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe it is actually the other way around. Devcontainer features can and are used in GitHub Codespaces as well, without exceptions. I was highlighting this limitation in your proposal, which is why this PR might not be accepted. It is not a proper devcontainer feature because it lacks general applicability.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
1.Features are optional by design, and every feature is not expected to work in every possible devcontainer environment
2.Not supporting a particular workflow you, in your words, would like to have is not "lack of general applicability".
Appreciate you taking the time to leave feedback, however, it unfortunately does not help to improve the proposal