mirror of
https://github.com/textcortex/claude-code-sandbox.git
synced 2025-07-24 13:44:15 +00:00
b44cf1a84e
* Commit first run * Checkpoint * Checkpoint * Checkpoint * Checkpoint * Checkpoint * Checkpoint * Checkpoint * Checkpoint * Checkpoint * Checkpoint * Checkpoint * Copy credentials * Add setupcommands * Can push from inside the container * Checkpoint * Can launch dev server in sandbox * Checkpoint * Checkpoint * Run prettier * Checkpoint
206 lines
4.3 KiB
Markdown
206 lines
4.3 KiB
Markdown
# GitHub Authentication
|
|
|
|
This document explains how to set up GitHub authentication for use within Claude Sandbox containers.
|
|
|
|
## Overview
|
|
|
|
Claude Sandbox uses GitHub tokens for authentication, providing a secure and simple way to access private repositories and push changes.
|
|
|
|
## Authentication Methods (in order of preference)
|
|
|
|
### 1. GitHub CLI Token (Recommended)
|
|
|
|
The most secure and convenient method:
|
|
|
|
```bash
|
|
# One-time setup on host:
|
|
gh auth login
|
|
|
|
# The token is automatically discovered and passed to containers
|
|
```
|
|
|
|
**How it works:**
|
|
|
|
- Claude Sandbox runs `gh auth token` to get your token
|
|
- Token is passed as `GITHUB_TOKEN` environment variable
|
|
- Git is configured to use the token for both HTTPS and SSH URLs
|
|
- Works for cloning, pulling, and pushing
|
|
|
|
**Benefits:**
|
|
|
|
- ✅ Cross-platform (macOS, Linux, Windows)
|
|
- ✅ Secure (tokens can be scoped)
|
|
- ✅ Easy to refresh (`gh auth refresh`)
|
|
- ✅ No manual token management
|
|
|
|
### 2. Environment Variables
|
|
|
|
Set a token in your shell:
|
|
|
|
```bash
|
|
# Using GitHub Personal Access Token
|
|
export GITHUB_TOKEN=ghp_xxxxxxxxxxxx
|
|
|
|
# Or using GitHub CLI token
|
|
export GH_TOKEN=$(gh auth token)
|
|
|
|
# Then run
|
|
claude-sandbox
|
|
```
|
|
|
|
**Supported variables:**
|
|
|
|
- `GITHUB_TOKEN` - Standard GitHub token variable
|
|
- `GH_TOKEN` - GitHub CLI token variable
|
|
|
|
### 3. Git Configuration
|
|
|
|
Your `.gitconfig` is automatically copied to containers, preserving:
|
|
|
|
- User name and email
|
|
- Custom aliases
|
|
- Other git settings (excluding credential helpers)
|
|
|
|
## Setup Examples
|
|
|
|
### Quick Setup (GitHub CLI)
|
|
|
|
```bash
|
|
# Install GitHub CLI
|
|
brew install gh # macOS
|
|
# or
|
|
sudo apt install gh # Ubuntu/Debian
|
|
|
|
# Authenticate
|
|
gh auth login
|
|
|
|
# Run claude-sandbox (token is auto-detected)
|
|
claude-sandbox
|
|
```
|
|
|
|
### Manual Token Setup
|
|
|
|
1. Create a Personal Access Token:
|
|
|
|
- Go to GitHub Settings → Developer settings → Personal access tokens
|
|
- Create a token with `repo` scope
|
|
- Copy the token
|
|
|
|
2. Set environment variable:
|
|
```bash
|
|
export GITHUB_TOKEN=ghp_your_token_here
|
|
claude-sandbox
|
|
```
|
|
|
|
## Using in Container
|
|
|
|
Once authenticated, git is automatically configured to use your token:
|
|
|
|
```bash
|
|
# Clone private repos (both HTTPS and SSH URLs work)
|
|
git clone https://github.com/username/private-repo.git
|
|
git clone git@github.com:username/private-repo.git
|
|
|
|
# Use GitHub CLI
|
|
gh repo create
|
|
gh pr create
|
|
gh issue list
|
|
|
|
# Push changes
|
|
git push origin main
|
|
```
|
|
|
|
## Configuration File
|
|
|
|
Add GitHub token to your project's `claude-sandbox.config.json`:
|
|
|
|
```json
|
|
{
|
|
"environment": {
|
|
"GITHUB_TOKEN": "ghp_xxxxxxxxxxxx"
|
|
}
|
|
}
|
|
```
|
|
|
|
**Warning:** Don't commit tokens to version control!
|
|
|
|
## Troubleshooting
|
|
|
|
### Permission Denied
|
|
|
|
If you get "Permission denied" errors:
|
|
|
|
1. Check if token is available:
|
|
|
|
```bash
|
|
# In container
|
|
echo $GITHUB_TOKEN
|
|
gh auth status
|
|
```
|
|
|
|
2. Verify git configuration:
|
|
```bash
|
|
git config --list | grep url
|
|
```
|
|
|
|
### Token Not Found
|
|
|
|
If no token is detected:
|
|
|
|
- Ensure you're logged in with `gh auth login`
|
|
- Or set `GITHUB_TOKEN` environment variable
|
|
- Check that the token has appropriate scopes
|
|
|
|
### Rate Limiting
|
|
|
|
If you hit rate limits:
|
|
|
|
- Ensure you're using an authenticated token
|
|
- Check rate limit: `gh api rate_limit`
|
|
|
|
## Security Best Practices
|
|
|
|
1. **Use Scoped Tokens**: Only grant necessary permissions (usually just `repo`)
|
|
2. **Rotate Tokens**: Regularly refresh tokens
|
|
3. **Don't Commit Tokens**: Use environment variables
|
|
4. **Use GitHub CLI**: It manages token lifecycle automatically
|
|
|
|
## Platform-Specific Notes
|
|
|
|
### macOS
|
|
|
|
- GitHub CLI token stored in macOS Keychain
|
|
- Git credentials may use osxkeychain helper
|
|
|
|
### Linux
|
|
|
|
- GitHub CLI token in `~/.config/gh/`
|
|
- Git credentials may use libsecret
|
|
|
|
### Windows (WSL)
|
|
|
|
- Use WSL for best compatibility
|
|
- GitHub CLI works in WSL
|
|
|
|
## Advanced Configuration
|
|
|
|
### Multiple GitHub Accounts
|
|
|
|
Use different tokens for different organizations:
|
|
|
|
```bash
|
|
# For work repos
|
|
export GITHUB_TOKEN=ghp_work_token
|
|
|
|
# For personal repos (in another session)
|
|
export GITHUB_TOKEN=ghp_personal_token
|
|
```
|
|
|
|
### Custom Git Configuration
|
|
|
|
The container automatically configures git to use tokens for all GitHub URLs:
|
|
|
|
- `https://github.com/` URLs use token authentication
|
|
- `git@github.com:` URLs are rewritten to use HTTPS with token
|
|
|
|
This means you can clone repositories using either format and authentication will work seamlessly.
|