Add AI agents and cloud CLIs to container image

- Claude Code, OpenAI Codex, Cursor, Gemini CLI
- AWS, GCP, Azure, GitHub CLIs
- Config file support (~/.coderunner.config)
- Credential mount options (--with-ssh-agent, --with-credentials)
- 48h auto-update via GitHub Actions cron
- Trivy vulnerability scanning

Author: abhishek-anand

.github/workflows/docker-build.yml

@@ -7,6 +7,11 @@ on:
     branches: [ main ]
   release:
     types: [ published ]
+  schedule:
+    # Every 48 hours at midnight UTC
+    - cron: '0 0 */2 * *'
+  workflow_dispatch:
+    # Manual trigger
 
 env:
   REGISTRY: docker.io
@@ -61,7 +66,18 @@ jobs:
         labels: ${{ steps.meta.outputs.labels }}
         cache-from: type=gha
         cache-to: type=gha,mode=max
-    
+
+    - name: Scan image for vulnerabilities
+      if: github.event_name != 'pull_request'
+      uses: aquasecurity/trivy-action@master
+      with:
+        image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:docker-latest
+        format: 'table'
+        exit-code: '0'
+        ignore-unfixed: true
+        vuln-type: 'os,library'
+        severity: 'CRITICAL,HIGH'
+
     - name: Generate build summary
       run: |
         echo "## Docker Build Summary" >> $GITHUB_STEP_SUMMARY

Dockerfile

@@ -107,6 +107,47 @@ ENV PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 RUN npm install playwright@1.53.0 -g
 RUN npx playwright@1.53.0 install
 
+# --- AI Coding Agents ---
+# Claude Code CLI (pinned to major version 1.x)
+RUN npm install -g @anthropic-ai/claude-code@1
+
+# OpenAI Codex CLI
+RUN npm install -g @openai/codex
+
+# Gemini CLI
+RUN npm install -g @anthropic-ai/claude-code@1 && \
+    pip install --no-cache-dir google-generativeai
+
+# Cursor CLI (installs as 'agent' at ~/.local/bin)
+RUN curl -fsSL https://cursor.com/install | bash && \
+    ln -sf /root/.local/bin/agent /usr/local/bin/cursor
+
+# --- Cloud CLIs ---
+# AWS CLI v2
+RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip" -o "awscliv2.zip" && \
+    unzip -q awscliv2.zip && \
+    ./aws/install && \
+    rm -rf awscliv2.zip aws
+
+# Google Cloud CLI
+RUN echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | \
+    tee -a /etc/apt/sources.list.d/google-cloud-sdk.list && \
+    curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | \
+    gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg && \
+    apt-get update && apt-get install -y google-cloud-cli && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+
+# GitHub CLI (gh)
+RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | \
+    dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg && \
+    echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | \
+    tee /etc/apt/sources.list.d/github-cli.list > /dev/null && \
+    apt-get update && apt-get install -y gh && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+
+# Azure CLI
+RUN curl -sL https://aka.ms/InstallAzureCLIDeb | bash
+
 # Copy the entrypoint script into the image
 COPY entrypoint.sh /entrypoint.sh
 

README.md

@@ -6,33 +6,52 @@
 
 # CodeRunner
 
-Sandboxed Python execution for Mac. Local files, local processing.
+Sandboxed code execution for Mac using [Apple containers](https://github.com/apple/container).
 
-CodeRunner runs Python code in an isolated container on your Mac using [Apple's native container technology](https://github.com/apple/container). Process your local files without uploading them anywhere.
+- Python execution in persistent Jupyter kernels
+- AI coding agents: Claude Code, OpenAI Codex, Cursor, Gemini CLI
+- Cloud CLIs: AWS, GCP, Azure, GitHub
+- Browser automation via Playwright
+- Data science stack: pandas, numpy, scipy, matplotlib
 
-- Execute Python in a persistent Jupyter kernel
-- Pre-installed data science stack (pandas, numpy, matplotlib, etc.)
-- Files stay on your machine
-- Optional browser automation via Playwright
-
-**Requirements:** macOS, Apple Silicon (M1+), Python 3.10+
+**Requirements:** macOS 15+, Apple Silicon
 
 ## Install
 
-### Homebrew (coming soon)
 ```bash
 brew install instavm/cli/coderunner
 ```
 
-### Manual
+Server starts automatically at `http://coderunner.local:8222`
+
+### Manual Install
+
 ```bash
 git clone https://github.com/instavm/coderunner.git
 cd coderunner
-chmod +x install.sh
-sudo ./install.sh
+./install.sh
 ```
 
-Server runs at: `http://coderunner.local:8222`
+### Commands
+
+```bash
+coderunner status              # Check if running
+coderunner stop                # Stop server
+coderunner start               # Start server
+coderunner run claude          # Run Claude Code
+coderunner run codex           # Run OpenAI Codex
+coderunner run cursor          # Run Cursor
+coderunner exec bash           # Shell into container
+coderunner logs                # View logs
+```
+
+### Start Options
+
+```bash
+coderunner start --with-ssh-agent      # Forward SSH agent for git
+coderunner start --with-credentials    # Mount ~/.claude, ~/.aws, ~/.config/gh
+coderunner start --env-file ~/.env     # Load environment from file
+```
 
 ## Usage
 
@@ -211,9 +230,42 @@ CodeRunner includes a skills system for common tasks.
 
 See [SKILLS-README.md](SKILLS-README.md) for details.
 
-## Pre-installed Libraries
+## Configuration
+
+Create `~/.coderunner.config` with your API keys:
+
+```
+ANTHROPIC_API_KEY=sk-ant-xxx
+OPENAI_API_KEY=sk-xxx
+GITHUB_TOKEN=ghp_xxx
+AWS_ACCESS_KEY_ID=AKIA...
+AWS_SECRET_ACCESS_KEY=xxx
+GOOGLE_APPLICATION_CREDENTIALS=/path/to/credentials.json
+```
+
+Keys are loaded automatically on `coderunner start`. CLI params override config file values.
+
+### Credential Locations
+
+| Tool | Config Directory | Environment Variable |
+|------|-----------------|---------------------|
+| Claude Code | `~/.claude/` | `ANTHROPIC_API_KEY` |
+| OpenAI Codex | `~/.codex/` | `OPENAI_API_KEY` |
+| Cursor | `~/.cursor/` | `CURSOR_API_KEY` |
+| GitHub CLI | `~/.config/gh/` | `GITHUB_TOKEN` |
+| AWS CLI | `~/.aws/` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` |
+| GCP CLI | `~/.config/gcloud/` | `GOOGLE_APPLICATION_CREDENTIALS` |
+| Azure CLI | `~/.azure/` | `AZURE_CREDENTIALS` |
+
+Use `--with-credentials` to mount these directories into the container (read-only).
+
+## Pre-installed Tools
+
+**Python:** pandas, numpy, scipy, matplotlib, seaborn, scikit-learn, pillow, pypdf, python-docx, openpyxl, beautifulsoup4, requests, httpx, playwright
+
+**AI Agents:** Claude Code, OpenAI Codex, Cursor, Gemini CLI
 
-The sandbox includes: pandas, numpy, scipy, matplotlib, seaborn, pillow, pypdf, python-docx, openpyxl, beautifulsoup4, requests, httpx, and more.
+**Cloud CLIs:** aws, gcloud, az, gh
 
 ## Security
 

install.sh

@@ -1,5 +1,91 @@
 #!/bin/bash
 
+# CodeRunner Install Script
+# Installs and starts the CodeRunner sandbox container
+
+set -e
+
+# --- Configuration ---
+CONFIG_FILE="${CODERUNNER_CONFIG:-$HOME/.coderunner.config}"
+CODERUNNER_HOME="${CODERUNNER_HOME:-$HOME/.coderunner}"
+
+# --- Default options ---
+WITH_SSH_AGENT=false
+WITH_CREDENTIALS=false
+ENV_FILE=""
+
+# --- Parse command line arguments ---
+while [[ $# -gt 0 ]]; do
+    case $1 in
+        --with-ssh-agent)
+            WITH_SSH_AGENT=true
+            shift
+            ;;
+        --with-credentials)
+            WITH_CREDENTIALS=true
+            shift
+            ;;
+        --env-file)
+            ENV_FILE="$2"
+            shift 2
+            ;;
+        --config)
+            CONFIG_FILE="$2"
+            shift 2
+            ;;
+        -h|--help)
+            echo "Usage: install.sh [OPTIONS]"
+            echo ""
+            echo "Options:"
+            echo "  --with-ssh-agent    Forward SSH agent for git operations"
+            echo "  --with-credentials  Mount config directories (~/.claude, ~/.config/gh, etc.)"
+            echo "  --env-file FILE     Load environment variables from file"
+            echo "  --config FILE       Use custom config file (default: ~/.coderunner.config)"
+            echo ""
+            echo "Config file format (~/.coderunner.config):"
+            echo "  ANTHROPIC_API_KEY=sk-xxx"
+            echo "  OPENAI_API_KEY=sk-xxx"
+            echo "  GITHUB_TOKEN=ghp_xxx"
+            exit 0
+            ;;
+        *)
+            echo "Unknown option: $1"
+            exit 1
+            ;;
+    esac
+done
+
+# --- Load config file if exists ---
+declare -a ENV_VARS
+if [[ -f "$CONFIG_FILE" ]]; then
+    echo "Loading config from $CONFIG_FILE"
+    while IFS='=' read -r key value; do
+        # Skip comments and empty lines
+        [[ "$key" =~ ^#.*$ ]] && continue
+        [[ -z "$key" ]] && continue
+        # Trim whitespace
+        key=$(echo "$key" | xargs)
+        value=$(echo "$value" | xargs)
+        if [[ -n "$key" && -n "$value" ]]; then
+            ENV_VARS+=("--env" "$key=$value")
+        fi
+    done < "$CONFIG_FILE"
+fi
+
+# --- Load env file if specified ---
+if [[ -n "$ENV_FILE" && -f "$ENV_FILE" ]]; then
+    echo "Loading environment from $ENV_FILE"
+    while IFS='=' read -r key value; do
+        [[ "$key" =~ ^#.*$ ]] && continue
+        [[ -z "$key" ]] && continue
+        key=$(echo "$key" | xargs)
+        value=$(echo "$value" | xargs)
+        if [[ -n "$key" && -n "$value" ]]; then
+            ENV_VARS+=("--env" "$key=$value")
+        fi
+    done < "$ENV_FILE"
+fi
+
 # Function to get current macOS version
 get_macos_version() {
   sw_vers -productVersion | awk -F. '{print $1 "." $2}'
@@ -105,8 +191,8 @@ if ! container image pull instavm/coderunner; then
     exit 1
 fi
 
-echo "→ Ensuring coderunner assets directories…"
-ASSETS_SRC="$HOME/.coderunner/assets"
+echo "→ Ensuring coderunner directories..."
+ASSETS_SRC="$CODERUNNER_HOME/assets"
 mkdir -p "$ASSETS_SRC/skills/user"
 mkdir -p "$ASSETS_SRC/outputs"
 
@@ -115,19 +201,57 @@ echo "Stopping any existing coderunner container..."
 container stop coderunner 2>/dev/null || true
 sleep 2
 
-# Run the command to start the sandbox container
-echo "Running: container run --name coderunner --detach --rm --cpus 8 --memory 4g instavm/coderunner"
+# --- Build volume mounts ---
+declare -a VOLUME_MOUNTS
+VOLUME_MOUNTS+=("--volume" "$ASSETS_SRC/skills/user:/app/uploads/skills/user")
+VOLUME_MOUNTS+=("--volume" "$ASSETS_SRC/outputs:/app/uploads/outputs")
+
+# SSH Agent forwarding
+if [[ "$WITH_SSH_AGENT" == true && -n "$SSH_AUTH_SOCK" ]]; then
+    echo "Enabling SSH agent forwarding..."
+    VOLUME_MOUNTS+=("--volume" "$SSH_AUTH_SOCK:/ssh-agent")
+    ENV_VARS+=("--env" "SSH_AUTH_SOCK=/ssh-agent")
+fi
+
+# Credential directory mounts (read-only)
+if [[ "$WITH_CREDENTIALS" == true ]]; then
+    echo "Mounting credential directories..."
+    # AI CLIs
+    [[ -d "$HOME/.claude" ]] && VOLUME_MOUNTS+=("--volume" "$HOME/.claude:/root/.claude:ro")
+    [[ -d "$HOME/.cursor" ]] && VOLUME_MOUNTS+=("--volume" "$HOME/.cursor:/root/.cursor:ro")
+    [[ -d "$HOME/.codex" ]] && VOLUME_MOUNTS+=("--volume" "$HOME/.codex:/root/.codex:ro")
+    # Cloud CLIs
+    [[ -d "$HOME/.config/gh" ]] && VOLUME_MOUNTS+=("--volume" "$HOME/.config/gh:/root/.config/gh:ro")
+    [[ -d "$HOME/.config/gcloud" ]] && VOLUME_MOUNTS+=("--volume" "$HOME/.config/gcloud:/root/.config/gcloud:ro")
+    [[ -d "$HOME/.aws" ]] && VOLUME_MOUNTS+=("--volume" "$HOME/.aws:/root/.aws:ro")
+    [[ -d "$HOME/.azure" ]] && VOLUME_MOUNTS+=("--volume" "$HOME/.azure:/root/.azure:ro")
+fi
+
+# Run the container
+echo "Starting coderunner container..."
 if container run \
-  --volume "$ASSETS_SRC/skills/user:/app/uploads/skills/user" \
-  --volume "$ASSETS_SRC/outputs:/app/uploads/outputs" \
+  "${VOLUME_MOUNTS[@]}" \
+  "${ENV_VARS[@]}" \
   --name coderunner \
   --detach \
   --rm \
   --cpus 8 \
   --memory 4g \
   instavm/coderunner; then
-    echo "✅ Setup complete. MCP server is available at http://coderunner.local:8222/mcp"
+    echo ""
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo "CodeRunner is running"
+    echo ""
+    echo "  Server:  http://coderunner.local:8222"
+    echo "  MCP:     http://coderunner.local:8222/mcp"
+    echo "  Health:  http://coderunner.local:8222/health"
+    echo ""
+    echo "Commands:"
+    echo "  coderunner status    Check server status"
+    echo "  coderunner stop      Stop the server"
+    echo "  coderunner run       Run AI agents (claude, codex, cursor)"
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
 else
-    echo "❌ Failed to start coderunner container. Please check the logs with: container logs coderunner"
+    echo "Failed to start container. Check logs: container logs coderunner"
     exit 1
 fi