Commit graph

12 commits

Author SHA1 Message Date
Evgeny Boger
cf0cbe1418 Add GitHub MCP proxy with repo scope enforcement
- Host-side proxy that injects GitHub tokens and enforces single-repo scope
- Defense-in-depth: owner/repo checks, search query scoping, tool allowlist,
  server-side X-MCP-Toolsets/Lockdown headers, header protection
- Token generation via GitHub App device flow with repo-scoped OAuth tokens
- Comprehensive tests (unit + end-to-end with mock upstream server)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 00:44:44 +01:00
Evgeny Boger
476c1baf40 Add GitHub MCP proxy with repo scope enforcement
- Host-side proxy that injects GitHub tokens and enforces single-repo scope
- Defense-in-depth: owner/repo checks, search query scoping, tool allowlist,
  server-side X-MCP-Toolsets/Lockdown headers, header protection
- Token generation via GitHub App device flow with repo-scoped OAuth tokens
- Comprehensive tests (unit + end-to-end with mock upstream server)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 00:44:29 +01:00
Evgeny Boger
76f652f831 Add host-side API proxy to keep credentials out of VMs
Instead of storing OAuth tokens inside the VM template, credentials now
stay on the host. A lightweight Python proxy (claude-vm-proxy.py) reads
the host's ~/.claude/.credentials.json, injects the real auth headers
(Bearer + oauth beta for OAuth, x-api-key for API keys), and forwards
requests to api.anthropic.com. The VM gets only ANTHROPIC_BASE_URL
pointing at the proxy and dummy credentials so Claude Code detects
the correct subscription tier.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 23:01:16 +03:00
Evgeny Boger
ca6c51893d cleanup test 2026-02-10 04:41:30 +03:00
Evgeny Boger
9b9571f25d test scoping 2026-02-10 04:40:41 +03:00
Evgeny Boger
7478e8c7cf Add security hardening for VM sessions
Snapshot security-sensitive files before each VM session and check for
unauthorized modifications afterward. Mount .git/hooks and .git/config
as read-only at the Lima level to prevent the VM from tampering with
host-side git hooks or config.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-09 15:13:01 +03:00
Sylvain Zimmer
375b784bf6
Add arguments to claude-vm-setup 2026-01-29 10:14:10 +01:00
Sylvain Zimmer
180c575c5d
Merge pull request #1 from sylvinus/claude/forward-vm-arguments-EeIOt
Forward arguments from claude-vm to the underlying claude command
2026-01-29 09:13:01 +01:00
Claude
b181d33245
Forward arguments from claude-vm to the underlying claude command
Allows passing CLI options like -p, --resume, or -c directly to claude-vm,
which are forwarded to the claude command inside the VM.

https://claude.ai/code/session_01ESjq1MiEWwf4zzfa3iChpi
2026-01-29 08:04:57 +00:00
Sylvain Zimmer
10e39f1210
Fix issue with double dashes in VM names 2026-01-28 02:18:43 +01:00
Sylvain Zimmer
827c93403a
Fix login in claude code and add more details to the README on VMs 2026-01-28 01:46:19 +01:00
Sylvain Zimmer
f865122778
first commit 2026-01-28 01:15:09 +01:00