Add Apple Container toolkit for macOS VM-isolated development #11
deviantony
commented
Jan 15, 2026
- Create Dockerfile with zsh, starship, Claude Code plugins, and dev tools
- Add devbox-apple script for container lifecycle management (enter, stop, destroy, build)
- Include ccm script for Claude-powered commit message generation
- Add entrypoint script with tmp file cleanup for disk management
- Document setup, usage, port forwarding, and directory mounts in README
- Add Claude Code permission denials for .env and .ssh files in alapenna-ghostty
- Remove todo helper function from alapenna-ghostty toolkit
Pull request overview
This PR adds a new Apple Container toolkit (alapenna-container) for macOS VM-isolated development, alongside minor updates to the existing alapenna-ghostty toolkit. The new toolkit leverages Apple's native container CLI (macOS 26+) to provide enhanced isolation compared to Docker/OrbStack, with each container running in its own lightweight VM.
Changes:
- Add complete `alapenna-container` toolkit with Dockerfile, scripts, and documentation for Apple Silicon Mac development
- Add permission denials for `.env` and `.ssh` files in Claude Code settings for `alapenna-ghostty`
- Remove todo helper function from `alapenna-ghostty` toolkit
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| `user-toolkits/alapenna-container/Dockerfile` | New Dockerfile with zsh, starship, Claude Code plugins, and dev tools based on portainer/dev-toolkit:2025.12 |
| `user-toolkits/alapenna-container/devbox-apple` | Container lifecycle management script for Apple container CLI with VM resource configuration |
| `user-toolkits/alapenna-container/scripts/ccm` | Claude-powered commit message generation script with manual fallback for large diffs |
| `user-toolkits/alapenna-container/scripts/entrypoint.sh` | Container entrypoint with automatic tmp cleanup for disk management |
| `user-toolkits/alapenna-container/README.md` | Complete documentation covering setup, usage, and troubleshooting |
| `user-toolkits/alapenna-ghostty/Dockerfile` | Add Claude Code permission denials and remove todo function |
- Update README to clarify SSH/GPG directories are copied, not live-mounted
- Fix script reference from "devbox" to "devbox-apple" in README
- Add claude CLI availability check with helpful error message in ccm script

… config improvements
- Replace hardcoded /root paths with $HOME variable in Claude config setup
- Add ~/.docker/** to denied read permissions for security
- Implement conditional Docker socket mounting with runtime detection
- Reorganize README to show installation steps before usage
- Update help text to reflect optional Docker socket mounting behavior

…tion
- Document that socket mounting support is merged but not yet released
- Add note about PR #487 merged on 2026-01-23 awaiting future release
- Comment out socket mounting code with instructions for future re-enablement
- Update help text to reflect current limitation
- Add future enhancements section documenting upcoming socket support

- Change port range from 6443-9999 to 10000-19999
- Add port assignment guidelines for common services
- Document suggested port ranges for different service types
- Update help text to reflect new port mappings
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

- Download fzf key-bindings.zsh directly from GitHub to fix missing file error
- Create /usr/share/fzf directory during image build for consistent paths
- Add rebuild command to destroy container and rebuild image in one step
- Fix credential setup to handle empty directories gracefully with glob checks
- Add informative messages when SSH or GPG keys are not found
- Document rebuild command in README

- Add explicit stop before deletion in destroy command
- Refactor rebuild to use destroy command instead of inline deletion
- Add comment clarifying auto-stop behavior in rebuild flow

- Check if container is running before attempting to stop
- Add user feedback when stopping container during destroy
- Remove unnecessary cmd_stop call in destroy operation
- Prevent errors when destroying already-stopped containers

…gement
- Add hostname to starship prompt for container identification
- Change glow installation from Go build to binary download for faster builds
- Update Plannotator port from 8999 to 17777
- Add builder resource configuration (8 CPUs / 8GB default)
- Implement auto-remove builder after build to free resources
- Add --keep-builder flag for faster consecutive rebuilds
- Add builder-configure command to adjust CPU/memory allocation
- Update documentation with builder management and port configuration
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

…ilder status display
- Fix glow extraction to handle versioned directory structure
- Show actual builder configuration during build command
- Add informational message when builder differs from script defaults
- Remove unnecessary builder recreation logic
- Clean up temporary files after glow installation
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

- Fix column parsing for CPU and memory values in builder status output
- Add interactive warning when builder config differs from script defaults
- Prompt user to continue or cancel build when mismatch detected
- Clarify builder creation message when no builder exists
- Improve messaging to respect manual builder configurations

- Replace bash-style read with zsh read syntax
- Use named variable 'reply' instead of REPLY
- Remove -n and -r flags incompatible with zsh read

- Change builder delete from specific 'buildkit' to generic deletion
- Add zsh requirement to README prerequisites
- Document zsh requirement in installation instructions

…e clarity
- Extract container existence and builder existence checks into helper functions
- Extract credential copying logic into reusable helper function
- Add container and builder resource configuration constants at top of script
- Improve builder resource display in help command to show both container and builder settings
- Replace silent boolean checks with named helper functions for better readability
- Use --force flag for container deletion to handle both running and stopped states
- Standardize variable scoping with local declarations throughout
- Update help text to clarify Docker socket support status
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

…ofiles
- Replace numeric CPU/memory arguments with named profiles (light/balanced/performance/max)
- Change builder mismatch warning to check against recommended performance profile instead of script defaults
- Add profile validation and help text showing available configurations
- Document builder lifecycle and profile persistence behavior in README
- Clarify that performance profile (8 CPUs/8g) is recommended default
- Update help output to show profile usage and default behavior

- Add GnuPG directory to Claude Code file access deny list
- Fix credential directory existence check to use correct array index

- Add recursive directory copying with tar for nested credential structures
- Replace wildcard chmod with find-based permission setting for reliability
- Add conditional logic to handle both files and directories during copy
- Improve error handling with stderr suppression for tar operations

…tion
- Reorganize README sections for better logical flow
- Move isolation benefits section closer to prerequisites
- Simplify directory configuration with clearer volume vs copied distinction
- Remove redundant builder behavior tables and script defaults section
- Remove troubleshooting sections for image pull and permissions
- Streamline builder configuration documentation
- Update devbox-apple script header with complete command reference
- Remove comparison table from top of README

- Add setup_git_config function to copy host git settings
- Configure user.email, user.name, and push.autoSetupRemote in container
- Copy GPG signing configuration when present on host
- Call setup_git_config during container entry process

…d GitHub CLI authentication
- Add comprehensive first-time setup section to README with three-phase setup flow
- Document automatic git configuration synchronization requirements on host Mac
- Add GitHub CLI browser-based authentication setup instructions
- Document Claude Code authentication requirements for first use
- Implement `setup_gh_auth()` function for automatic GitHub CLI authentication
- Configure GitHub CLI with SSH protocol and skip SSH key upload during setup

- Add explicit browser opening to GitHub device login page
- Update README to clarify one-time code display and entry process
- Add informational message before browser opens
- Include brief delay to ensure browser opens before authentication prompt
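
The credential-handling commits above mention a tar-based recursive copy, a find-based permission pass and graceful handling of empty directories. The sketch below shows that pattern as an added example; it is not code from this PR or from devbox-apple. The function name `copy_credentials`, its exit codes and the 700/600 modes are assumptions.

```shell
#!/bin/sh
# Added example: copy a credential directory (e.g. an SSH or GnuPG
# directory) to a new location, keeping nested structure and ending with
# owner-only permissions. Names and exit codes are hypothetical.
#
# copy_credentials SRC DST
#   exit 0  copied and permissions normalized
#   exit 1  SRC missing or empty, nothing copied
#   exit 2  copy failed
copy_credentials() (
    src=$1
    dst=$2

    if [ ! -d "$src" ]; then
        echo "No credentials found at $src, skipping" >&2
        exit 1
    fi
    # Test for emptiness explicitly instead of relying on a glob, which
    # would expand to the literal pattern when nothing matches.
    if [ -z "$(ls -A "$src" 2>/dev/null)" ]; then
        echo "$src is empty, skipping" >&2
        exit 1
    fi

    # Lock the top-level directory first: nothing below it is reachable
    # by other users while the copy is still in progress.
    mkdir -p "$dst" && chmod 700 "$dst" || exit 2

    # tar keeps nested directories and dotfiles; tar's own messages are
    # suppressed and its exit status is checked instead.
    (cd "$src" && tar -cf - .) | (cd "$dst" && tar -xf - 2>/dev/null) || exit 2

    # Normalize permissions per entry type. A wildcard chmod would miss
    # dotfiles and nested entries and would give files and directories
    # the same mode; find does not follow symlinks here.
    find "$dst" -type d -exec chmod 700 {} + || exit 2
    find "$dst" -type f -exec chmod 600 {} + || exit 2
)

# Usage (paths are placeholders):
#   copy_credentials "$HOME/.ssh" /path/to/staging/.ssh
```
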