Summary
Document the three deployment patterns for Shellwright, their security implications, and common use cases for each.
Deployment Patterns
1. stdio mode (default)
```bash
shellwright # runs as MCP server over stdio
```
- Access: Full local filesystem, user permissions
- Risk: Shell commands run as the invoking user
- Use case: Local development, Claude Code integration
2. HTTP mode
```bash
shellwright --http --port 7498
```
- Access: Full access to the host system
- Risk: Centralized endpoint - multiple agents share one host
- Use case: Shared dev environments, CI/CD pipelines
3. Docker (isolated)
```bash
docker run -p 7498:7498 ghcr.io/dwmkerr/shellwright --http
```
- Access: Container filesystem only (no host access by default)
- Risk: Most isolated, but cannot access local files
- Use case: Sandboxed demos, untrusted workloads
Documentation Needed
- README section - Quick overview of the three patterns
- Security considerations - What each mode can/cannot access
- Common use cases:
  - "I want to automate my local terminal" → stdio
  - "I want a shared shell server for my team" → HTTP + auth considerations
  - "I want to demo safely" → Docker
- Mounting volumes in Docker - When you need specific paths available
Example Table for Docs
| Pattern | Host Access | Isolation | Multi-agent | Setup |
|---|---|---|---|---|
| stdio | Full | None | No | Simple |
| HTTP | Full | None | Yes | Medium |
| Docker | None* | Container | Yes | Medium |
*Unless volumes mounted
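
An added example, not part of the original issue or the Shellwright project: a helper that builds the Docker command from pattern 3 with one read-only volume and the port published on loopback only, and refuses host paths that would cancel the isolation noted in the table footnote. The `/workspace` mount target, the deny list and the function names are assumptions; the hardening flags are standard Docker options that have not been checked against the Shellwright image.

```shell
#!/bin/sh
# Added example: prints a docker run command; it never executes docker itself.
IMAGE="ghcr.io/dwmkerr/shellwright"   # image name taken from the issue
PORT=7498                             # port taken from the issue

# Return 0 if the host path is acceptable to mount, 1 otherwise.
mount_allowed() {
    case "$1" in
        /*) ;;                        # must be an absolute path
        *) return 1 ;;
    esac
    case "$1" in
        *:*|*" "*) return 1 ;;        # would break the -v src:dst:mode syntax
        */..|*/../*) return 1 ;;      # no parent-directory traversal
    esac
    p=$1
    # Strip trailing slashes so "/etc/" is treated like "/etc".
    while [ "$p" != "/" ] && [ "${p%/}" != "$p" ]; do p=${p%/}; done
    h=${HOME%/}
    case "$p" in
        /|/etc|/etc/*|/root|/root/*|/proc|/proc/*|/sys|/sys/*) return 1 ;;
        /var/run/docker.sock|/run/docker.sock) return 1 ;;  # host Docker control
        "$h"|"$h"/.ssh|"$h"/.ssh/*) return 1 ;;             # whole home, SSH keys
    esac
    return 0
}

# Print a docker run command that mounts one host path read-only.
build_run_cmd() {
    if ! mount_allowed "$1"; then
        echo "refusing to mount: $1" >&2
        return 1
    fi
    # -p 127.0.0.1:...  publish on loopback only, not on every interface
    # :ro               the container can read the path but not modify it
    # --cap-drop / no-new-privileges  reduce what a shell in the container can do
    printf 'docker run --rm -p 127.0.0.1:%s:%s --cap-drop ALL --security-opt no-new-privileges -v %s:/workspace:ro %s --http\n' \
        "$PORT" "$PORT" "$1" "$IMAGE"
}
```

Call `build_run_cmd /path/to/project` and review the printed command before running it.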