mirror of
https://github.com/tiennm99/goclaw.git
synced 2026-06-09 22:12:07 +00:00
6bfad07ed8
Sandbox overlay's cap_add replaces (not merges) the base compose, dropping SETUID, SETGID, CHOWN. This causes credential copy to fail with Permission denied when combining sandbox + claude-cli overlays.

Changes:
- Re-include base capabilities in sandbox overlay's cap_add
- Use umask 077 for atomic permission-safe credential copy
- Add ENABLE_CLAUDE_CLI build arg to pre-install Claude CLI in image
- Add runtime warning when credentials mounted but CLI binary missing
- Add WITH_CLAUDE_CLI to Makefile for overlay consistency
- Add security warning comment for sandbox overlay attack surface
22 lines
750 B
Bash
# GoClaw environment variables.
# Copy to .env and fill in values. For Docker Compose, do NOT use 'export' prefix.
#
# Auto-generated by prepare-env.sh: GOCLAW_GATEWAY_TOKEN, GOCLAW_ENCRYPTION_KEY.
# LLM provider API keys: configure via the web dashboard setup wizard.

# --- Gateway (required) ---
GOCLAW_GATEWAY_TOKEN=
GOCLAW_ENCRYPTION_KEY=
POSTGRES_PASSWORD=

# --- Database (only for non-Docker deployments) ---
# Docker Compose auto-builds this from POSTGRES_USER/PASSWORD/DB.
# GOCLAW_POSTGRES_DSN=postgres://user:pass@host:5432/dbname?sslmode=disable

# --- Sandbox (only when using docker-compose.sandbox.yml) ---
# Docker socket GID: 999 on Linux, 0 on Windows/macOS Docker Desktop.
# DOCKER_GID=0

# --- Debug ---
# GOCLAW_TRACE_VERBOSE=1
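
A pre-flight check for a .env filled in from this template, as an added example that is not part of the GoClaw repository. The function names (lint_goclaw_env, write_sample_env) are hypothetical, and the file-mode check is an assumption of the example rather than something the template asks for; the required names and the 'export' rule come from the template's comments.

```bash
#!/usr/bin/env bash
# Added example, not part of the GoClaw repository.
# Names below come from the "Gateway (required)" section of the template.
REQUIRED_VARS="GOCLAW_GATEWAY_TOKEN GOCLAW_ENCRYPTION_KEY POSTGRES_PASSWORD"

# lint_goclaw_env FILE: prints one finding per line, returns 0 if clean, 1 otherwise.
lint_goclaw_env() {
    local file="$1" problems=0 name value perms
    [ -r "$file" ] || { echo "unreadable: $file"; return 1; }

    # The template says not to use an 'export' prefix with Docker Compose.
    if grep -Eq '^[[:space:]]*export[[:space:]]+[A-Za-z_]' "$file"; then
        echo "export-prefix: remove 'export' from assignments"
        problems=$((problems + 1))
    fi

    for name in $REQUIRED_VARS; do
        # Last uncommented assignment wins; the value is everything after the first '='.
        value=$(grep -E "^[[:space:]]*(export[[:space:]]+)?${name}=" "$file" | tail -n 1 | cut -d= -f2-)
        # Treat quotes-only or whitespace-only values as empty.
        value=$(printf '%s' "$value" | tr -d "\"' \t\r")
        if [ -z "$value" ]; then
            echo "empty-required: $name"
            problems=$((problems + 1))
        fi
    done

    # Assumption of this example: the file holds secrets, so group/other get no access.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "loose-mode: chmod 600 $file"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}

# Constructed sample: required values left blank as in the template,
# plus an 'export' line of the kind the template warns against.
write_sample_env() {
    cat > "$1" <<'EOF'
GOCLAW_GATEWAY_TOKEN=
GOCLAW_ENCRYPTION_KEY=
export POSTGRES_PASSWORD=example-only
# DOCKER_GID=0
EOF
    chmod 644 "$1"
}

# Stand-alone use: ./lint-env.sh path/to/.env
if [ -n "${1:-}" ]; then lint_goclaw_env "$1"; fi
```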