Skip to content

Add devcontainer for isolating Claude Code#3922

Draft
samsrabin wants to merge 15 commits intoESCOMP:b4b-devfrom
samsrabin:claude-devcontainer
Draft

Add devcontainer for isolating Claude Code#3922
samsrabin wants to merge 15 commits intoESCOMP:b4b-devfrom
samsrabin:claude-devcontainer

Conversation

@samsrabin
Copy link
Copy Markdown
Member

@samsrabin samsrabin commented Apr 10, 2026
edited
Loading

Description of changes

This PR adds a .devcontainer/ directory at the top level with instructions and files for setting up a container in which Claude Code can be isolated.

Remaining work:

  • Publish container to GitHub Container Registry
  • Include documentation on website
  • Make sure it works equally well with Podman
  • Include podman inside container for doc building/testing purposes
  • Include script for installing a specific version of Superpowers
  • Include GitHub workflow to post an issue when a new version of Superpowers is available
  • Make this part of a larger effort; this PR should e.g. not come in to b4b-dev or master until we have agent instruction files!

Specific notes

Contributors other than yourself, if any: None

CTSM Issues Fixed (include github issue #): None

Are answers expected to change (and if so in what way)? No

Any User Interface Changes (namelist or namelist defaults changes)? No

Does this create a need to change or add documentation? Did you do so? Yes; not yet.

Testing performed, if any: I worked on #3920 and ESMCI/doc-builder#37 using this isolated Claude Code setup in unattended mode.

samsrabin and others added 14 commits April 9, 2026 15:04
@samsrabin
Add .devcontainer with Anthropic's vanilla setup.
70df5a5
@samsrabin @claude
Add Miniconda installation to devcontainer Dockerfile
ae17276 
Install Miniconda as root (with arch detection for x86_64/aarch64),
make it accessible to the node user, and initialize conda for both
bash and zsh shells.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@samsrabin @claude
Add setup-conda-env.sh for devcontainer postCreateCommand
bc2e09b 
Script creates the ctsm_pylib conda environment using py_env_create,
auto-activates it in new terminal sessions, and verifies key tools
(python, pylint, black) are available.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@samsrabin @claude
Update devcontainer.json for Python/CTSM development
1f7b847 
Replace JS extensions (eslint, prettier) with Python extensions
(ms-python.python, pylint, black-formatter). Configure VS Code to
use the ctsm_pylib conda env, pylint with .pylintrc, and black with
pyproject.toml. Add postCreateCommand to create the conda env.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@samsrabin @claude
Add conda-forge and PyPI domains to firewall whitelist
804770f 
Allow conda.anaconda.org, repo.anaconda.com, pypi.org, and
files.pythonhosted.org through the firewall so additional packages
can be installed after the firewall activates.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@samsrabin @claude
Update devcontainer README with CTSM customizations
a3f8b91 
Document the Miniconda installation, conda env setup script,
Python VS Code extensions/settings, and firewall whitelist additions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@samsrabin @claude
Fix ipset duplicate error in firewall script
aec535c 
Add -exist flag to ipset add commands so duplicate IPs (from
multiple domains resolving to the same address) are silently
ignored instead of causing a fatal error.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@samsrabin @claude
Accept conda Terms of Service in setup-conda-env.sh
2dd5866 
Modern conda requires TOS acceptance for default channels before
env creation. Accept pkgs/main and pkgs/r TOS non-interactively
before running py_env_create.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@samsrabin @claude
Move conda init after zsh-in-docker in Dockerfile
253562c 
zsh-in-docker overwrites .zshrc, so conda init must run after it
to ensure the conda initialization block persists. This fixes
"Run 'conda init' before 'conda activate'" errors in VS Code
terminal sessions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@samsrabin @claude
Switch devcontainer from zsh to bash
d6ad7e0 
Remove zsh-in-docker and powerline10k setup, change default shell
to bash, and simplify conda init to bash only. This eliminates the
zsh-in-docker .zshrc overwrite issue and reduces image complexity.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@samsrabin @claude
Add git-lfs to devcontainer for documentation builds
312641b 
Required by the doc build process to fetch LFS-tracked image files.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@samsrabin @claude
Document need for gh auth in devcontainer.
1370427 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@samsrabin @claude
Add en_US.UTF-8 locale to devcontainer
1b4c347 
Install and configure the en_US.UTF-8 locale to fix Sphinx
locale.Error during documentation builds and suppress bash
setlocale warnings.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@samsrabin
Improve .devcontainer/README.md.
a081834
@samsrabin samsrabin self-assigned this Apr 10, 2026
@samsrabin samsrabin added the bfb bit-for-bit label Apr 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@samsrabin samsrabin

Labels

bfb bit-for-bit

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@samsrabin