Conversation
Add comprehensive security review documentation with findings for high and medium severity issues including supply chain risks, GitHub Actions permissions, and secret exposure. Co-Authored-By: GLM <zai-org@users.noreply.github.com>
When passing arguments with special shell characters (like ?) to the container, they were being interpreted as glob patterns. Now using printf '%q' to properly escape each argument. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
…ariables Allows .env files to remain mounted and accessible in the container without Docker automatically loading them as environment variables. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Implements time-based rebuild trigger that forces image rebuild when older than 48 hours, ensuring Claude Code and OpenCode stay current without manual intervention. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Native install is the recommended method and future-proof (npm installation is deprecated). Using stable channel for reliability since image rebuilds less frequently now that Claude auto-updates. Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Consistent with Claude Code approach. Native install is the recommended method for both tools. Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Removes time-based rebuild logic that forced rebuilds every 48 hours. Now rebuilds only when Dockerfile/entrypoint changes or via explicit --rebuild flag. Uses BUILD_TIMESTAMP build arg to invalidate Docker cache on every build, ensuring fresh installs on rebuild rather than relying on unpredictable auto-update timing. Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Update eval-001 with last reviewed date and note .gitignore fix for .env file exposure risk. Co-Authored-By: GLM <zai-org@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Test plan
🤖 Generated by Claude Code - GLM 4.7