@MichaelClifford
Collaborator

Quality of life update that adds jq and gh to the claude code runner.

Signed-off-by: Michael Clifford <mcliffor@redhat.com>

@cgwalters

Looks obviously sane but #364 is a much bigger attempt to fix things like this.

Collaborator

@sallyom sallyom left a comment

LGTM running tests

@github-actions
Contributor

Claude Code Review

Summary

This PR adds jq and gh CLI tools to the claude-code-runner container. The change is straightforward and adds useful utilities for JSON processing and GitHub operations within runner pods. However, there are minor style and documentation issues to address.

Overall Assessment: Approve with minor fixes recommended

Issues by Severity

Minor Issues

1. Trailing Whitespace (Line 8)

  • Location: components/runners/claude-code-runner/Dockerfile:8
  • Issue: Line 8 has trailing whitespace after gh backslash
  • Fix: Remove the trailing space

2. Missing Documentation

  • Issue: No documentation about available system tools in the runner
  • Impact: Users/developers may not know what CLI tools are available in runner sessions
  • Recommendation: Consider adding a brief comment documenting available CLI tools

3. GitHub CLI Authentication Consideration

  • Context: The gh CLI requires authentication for most operations
  • Current State: The operator injects GITHUB_TOKEN from ambient-non-vertex-integrations secret when present (sessions.go:595-604)
  • Status: Already handled correctly - the integration secrets are injected as environment variables
  • Note: Users should ensure GITHUB_TOKEN is configured in their project integration secrets for gh to work properly

Positive Highlights

  1. Clean, minimal change - Adds exactly what is needed without unnecessary modifications
  2. Follows existing patterns - Uses same apt-get pattern as other dependencies
  3. Useful additions - jq enables JSON processing, gh enables GitHub operations directly from Claude Code sessions
  4. Security conscious - Both packages are well-maintained and from official Debian repos
  5. Correct cleanup - Maintains rm -rf /var/lib/apt/lists/* to keep image size minimal

Recommendations

Priority 1 (Should fix before merge):

  • Remove trailing whitespace on line 8

Priority 2 (Nice to have):

  • Add inline comments documenting available CLI tools
  • Consider adding a note about gh CLI requiring GITHUB_TOKEN to be configured

Additional Context

Security Review: No concerns - Both jq and gh are from official Debian repositories. Runner pods already have AllowPrivilegeEscalation: false and Capabilities: Drop: ALL (sessions.go:444-447)

Performance Review: No concerns - Additional packages add ~5-10MB to image size (negligible for python:3.11-slim base)

Testing: No tests needed - CI will verify the Dockerfile builds successfully

Verdict: This is a good quality-of-life improvement. The only blocker is the trailing whitespace on line 8.

@sallyom sallyom merged commit 8c3c468 into ambient-code:main Nov 25, 2025
21 checks passed