skitter/Dockerfile.agent at master · id/skitter · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
FROM python:3.12-slim

RUN apt-get update && \
    apt-get install -y --no-install-recommends curl && \
    rm -rf /var/lib/apt/lists/*

# Non-root user (UID/GID configurable for bind-mount compatibility)
ARG UID=1000
ARG GID=1000
RUN groupadd -g $GID skitter && useradd -m -s /bin/bash -u $UID -g $GID skitter
USER skitter

# Claude CLI (binary, no Node.js needed)
RUN curl -fsSL https://claude.ai/install.sh | bash

# Codex CLI (binary from GitHub releases)
ARG CODEX_VERSION=0.118.0
ARG TARGETARCH
RUN mkdir -p /home/skitter/.local/bin && \
    ARCH=$([ "$TARGETARCH" = "arm64" ] && echo "aarch64" || echo "x86_64") && \
    curl -fsSL "https://github.com/openai/codex/releases/download/rust-v${CODEX_VERSION}/codex-${ARCH}-unknown-linux-gnu.tar.gz" \
    | tar xz -C /home/skitter/.local/bin/ && \
    ln -s "codex-${ARCH}-unknown-linux-gnu" /home/skitter/.local/bin/codex

# Pre-create dirs so bind-mounts don't create root-owned parents
RUN mkdir -p /home/skitter/.codex /home/skitter/.skitter /home/skitter/.claude

ENV PATH="/home/skitter/.local/bin:$PATH"

WORKDIR /app
COPY --chown=skitter pyproject.toml README.md ./
COPY --chown=skitter skitter/ skitter/

USER root
RUN pip install --no-cache-dir .
USER skitter

ENTRYPOINT ["python", "-m", "skitter", "agent-runner"]