initial release

Author: CoderLuii

.dockerignore

@@ -0,0 +1,29 @@
+# Git
+.git
+.gitignore
+
+# Documentation
+README.md
+LICENSE
+docs/
+
+# GitHub
+.github/
+
+# Assets (logo, screenshots)
+assets/
+
+# Runtime data (should never be in build context)
+data/
+workspace/
+
+# Editor files
+.vscode/
+.idea/
+*.swp
+*.swo
+
+# OS files
+.DS_Store
+Thumbs.db
+desktop.ini

.github/FUNDING.yml

@@ -0,0 +1,4 @@
+github: CoderLuii
+buy_me_a_coffee: CoderLuii
+custom:
+  - https://www.paypal.com/donate/?hosted_button_id=PM2UXGVSTHDNL

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,81 @@
+name: 🐛 Bug Report
+description: Something isn't working as expected
+labels: ["bug"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for reporting! Please fill out the details below so we can reproduce and fix the issue.
+
+  - type: dropdown
+    id: variant
+    attributes:
+      label: Image Variant
+      options:
+        - Full (latest / dev)
+        - Slim (slim / dev-slim)
+    validations:
+      required: true
+
+  - type: input
+    id: version
+    attributes:
+      label: Image Tag / Version
+      description: "e.g. latest, dev, v1.0.0"
+      placeholder: "latest"
+    validations:
+      required: true
+
+  - type: dropdown
+    id: host-os
+    attributes:
+      label: Host OS
+      options:
+        - Linux
+        - macOS (Docker Desktop)
+        - Windows (Docker Desktop / WSL2)
+        - Synology / NAS
+        - Other
+    validations:
+      required: true
+
+  - type: textarea
+    id: description
+    attributes:
+      label: What happened?
+      description: A clear description of the bug
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected
+    attributes:
+      label: What did you expect?
+    validations:
+      required: true
+
+  - type: textarea
+    id: reproduce
+    attributes:
+      label: Steps to reproduce
+      description: Minimal steps to trigger the bug
+      value: |
+        1.
+        2.
+        3.
+    validations:
+      required: true
+
+  - type: textarea
+    id: compose
+    attributes:
+      label: Docker Compose / Run command
+      description: Your compose file or docker run command (redact API keys)
+      render: yaml
+
+  - type: textarea
+    id: logs
+    attributes:
+      label: Logs / Error output
+      description: Paste relevant container logs
+      render: shell

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: 💬 Questions & Discussion
+    url: https://github.com/CoderLuii/HolyClaude/discussions
+    about: Ask questions, share setups, or discuss ideas
+  - name: 🔒 Security Vulnerability
+    url: https://github.com/CoderLuii/HolyClaude/security/advisories/new
+    about: Report security issues privately

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,56 @@
+name: ✨ Feature Request
+description: Suggest a new tool, package, or feature
+labels: ["enhancement"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Have an idea to make HolyClaude better? We'd love to hear it.
+
+  - type: dropdown
+    id: category
+    attributes:
+      label: Category
+      options:
+        - New tool / package
+        - New AI CLI integration
+        - Docker / container improvement
+        - Web UI enhancement
+        - Documentation
+        - Other
+    validations:
+      required: true
+
+  - type: dropdown
+    id: variant
+    attributes:
+      label: Which variant should this target?
+      options:
+        - Full only
+        - Slim only
+        - Both
+        - Not sure
+    validations:
+      required: true
+
+  - type: textarea
+    id: description
+    attributes:
+      label: What would you like?
+      description: Describe the feature or tool you'd like added
+    validations:
+      required: true
+
+  - type: textarea
+    id: usecase
+    attributes:
+      label: Use case
+      description: How would you use this? What problem does it solve?
+    validations:
+      required: true
+
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives considered
+      description: Any workarounds or alternative tools you've tried?

.github/ISSUE_TEMPLATE/package_request.yml

@@ -0,0 +1,53 @@
+name: 📦 Package / Tool Request
+description: Request a new package or tool to be included in the image
+labels: ["enhancement", "package-request"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Want a tool or package added to HolyClaude? Let us know!
+
+        Before requesting, check the [full tool list](https://github.com/coderluii/holyclaude#rocket-whats-inside) to make sure it's not already included.
+
+  - type: input
+    id: package-name
+    attributes:
+      label: Package / Tool name
+      placeholder: "e.g. kubectl, terraform, redis-cli"
+    validations:
+      required: true
+
+  - type: input
+    id: install-method
+    attributes:
+      label: How is it installed?
+      description: "apt, npm, pip, curl, etc."
+      placeholder: "e.g. apt install kubectl"
+    validations:
+      required: true
+
+  - type: dropdown
+    id: variant
+    attributes:
+      label: Which variant?
+      description: Full includes everything, Slim is lightweight
+      options:
+        - Full only
+        - Both (full + slim)
+    validations:
+      required: true
+
+  - type: textarea
+    id: why
+    attributes:
+      label: Why should this be included?
+      description: How does this help AI coding workflows?
+    validations:
+      required: true
+
+  - type: input
+    id: size
+    attributes:
+      label: Approximate size impact
+      description: "How much disk space does this add? (optional)"
+      placeholder: "e.g. ~50MB"

.github/SECURITY.md

@@ -0,0 +1,56 @@
+# Security Policy
+
+## Overview
+
+HolyClaude runs AI coding agents inside a Docker container with elevated capabilities. This document explains the security model, what the container can access, and how to report vulnerabilities.
+
+## Container Capabilities
+
+HolyClaude requires the following Docker capabilities:
+
+| Capability | Why | Risk |
+|-----------|-----|------|
+| `SYS_ADMIN` | Chromium sandboxing (Linux namespaces) | Standard for any Chromium-in-Docker setup |
+| `SYS_PTRACE` | Debugging tools (strace, lsof) | Allows process inspection within the container |
+| `seccomp=unconfined` | Chromium syscall requirements | Removes syscall filtering for the container |
+
+These are required for Chromium to function and are standard across Playwright, Puppeteer, and CI/CD browser testing setups. They do **not** grant the container access to the host system beyond what Docker normally allows.
+
+## Permission Modes
+
+| Mode | Default? | What it means |
+|------|----------|--------------|
+| `allowEdits` | **Yes** | Claude can edit files freely, asks before running shell commands |
+| `bypassPermissions` | No | Claude runs any command without confirmation |
+
+The default `allowEdits` mode is safe for most users. `bypassPermissions` is documented for power users who understand the implications.
+
+## Credential Storage
+
+- API keys and authentication tokens are stored in `./data/claude/` on the host (bind-mounted to `~/.claude/` in the container)
+- Credentials never leave the container — HolyClaude does not proxy, intercept, or transmit credentials to any third party
+- The container communicates directly with AI provider APIs (Anthropic, Google, OpenAI) using your credentials
+
+## Network Access
+
+The container has unrestricted outbound network access. This is required for:
+- AI provider API calls (Anthropic, Google, OpenAI)
+- npm/pip package installations
+- Git operations (clone, push, pull)
+- Any web requests Claude Code makes during development tasks
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in HolyClaude:
+
+1. **Do not** open a public GitHub issue
+2. Use [GitHub Security Advisories](https://github.com/CoderLuii/HolyClaude/security/advisories/new) to report privately
+3. Include: description, steps to reproduce, and potential impact
+4. You will receive a response within 48 hours
+
+## Supported Versions
+
+| Version | Supported |
+|---------|-----------|
+| latest | Yes |
+| < 1.0.0 | No |

.github/pull_request_template.md

@@ -0,0 +1,27 @@
+## What does this PR do?
+
+<!-- Brief description of the change -->
+
+## Type of change
+
+- [ ] Bug fix
+- [ ] New tool / package
+- [ ] Feature / enhancement
+- [ ] Documentation
+- [ ] CI / build improvement
+- [ ] Other
+
+## Variant affected
+
+- [ ] Full
+- [ ] Slim
+- [ ] Both
+- [ ] N/A
+
+## Checklist
+
+- [ ] I've tested this locally with `docker compose up`
+- [ ] Image still builds successfully
+- [ ] No credentials or secrets are included
+- [ ] CHANGELOG.md updated (if user-facing change)
+- [ ] README.md updated (if adding/removing tools)

.github/release.yml

@@ -0,0 +1,17 @@
+changelog:
+  categories:
+    - title: New Features
+      labels:
+        - enhancement
+    - title: Bug Fixes
+      labels:
+        - bug
+    - title: New Packages / Tools
+      labels:
+        - package-request
+    - title: Documentation
+      labels:
+        - documentation
+    - title: Other Changes
+      labels:
+        - "*"