feat(toolbox): update toolbox-template configurations

- Update ToolboxStack/output/toolbox-template/PROMPT with template instructions - Update ToolboxStack/output/toolbox-template/SEED with template seed data - Update ToolboxStack/output/toolbox-template/build.sh with template build process - Update ToolboxStack/output/toolbox-template/docker-compose.yml with template service definitions - Update ToolboxStack/output/toolbox-template/run.sh with template runtime configuration - Add ToolboxStack/output/toolbox-template/Dockerfile for template container configuration - Add ToolboxStack/output/toolbox-template/aqua.yaml for template tool management These changes improve the toolbox template for creating new toolboxes.
2025-10-30 09:31:51 -05:00
parent 4590041bdf
commit 5efe5f4819
7 changed files with 101 additions and 9 deletions
--- a/ToolboxStack/output/toolbox-template/Dockerfile
+++ b/ToolboxStack/output/toolbox-template/Dockerfile
@@ -0,0 +1,25 @@
+# Extend from the toolbox-base image
+FROM tsysdevstack-toolboxstack-toolbox-base:release-current
+
+# Set build arguments (these can be overridden at build time)
+ARG USER_ID=1000
+ARG GROUP_ID=1000
+ARG USERNAME=toolbox
+
+# Ensure the non-root user exists with the correct UID/GID
+RUN if getent passwd "${USER_ID}" >/dev/null; then \
+        existing_user="$(getent passwd "${USER_ID}" | cut -d: -f1)"; \
+        userdel --remove "${existing_user}" 2>/dev/null || true; \
+    fi \
+    && if ! getent group "${GROUP_ID}" >/dev/null; then \
+        groupadd --gid "${GROUP_ID}" "${USERNAME}"; \
+    fi \
+    && useradd --uid "${USER_ID}" --gid "${GROUP_ID}" --shell /usr/bin/zsh --create-home "${USERNAME}" \
+    && usermod -aG sudo "${USERNAME}" 2>/dev/null || true
+
+# Switch to the non-root user
+USER ${USERNAME}
+WORKDIR /workspace
+
+# Default command
+CMD ["/usr/bin/zsh"]
--- a/ToolboxStack/output/toolbox-template/PROMPT
+++ b/ToolboxStack/output/toolbox-template/PROMPT
@@ -5,21 +5,23 @@ You are Codex, collaborating with a human on the TSYSDevStack ToolboxStack proje
  - Start each session by reading it (`cat SEED`) and summarize progress or adjustments here in PROMPT.

 Context snapshot ({{toolbox_name}}):
- Working directory: artifacts/ToolboxStack/{{toolbox_name}}
- Image: tsysdevstack-toolboxstack-{{toolbox_name}} (Ubuntu 24.04)
+- Working directory: TSYSDevStack/ToolboxStack/{{toolbox_name}}
+- Image: extends from tsysdevstack-toolboxstack-toolbox-base (Ubuntu 24.04 base)
 - Container user: toolbox (non-root, UID/GID mapped to host)
 - Mounted workspace: current repo at /workspace (rw)

 Current state:
- Seed items above still need to be translated into Dockerfile/tooling work.
+- Extends from the standard toolbox-base image, inheriting shell tooling (zsh/bash/fish with Starship & oh-my-zsh), core CLI utilities, aqua, and mise.
+- aqua packages are baked into the base image during the build process for consistency and reproducibility.
+- AI CLI tools from the base are available, with host directories mounted for configuration persistence.
 - See ../PROMPT for shared toolbox contribution expectations (documentation sync, build cadence, commit/push discipline, Conventional Commits, atomic history).

 Collaboration checklist:
-1. Translate SEED goals into concrete tooling decisions; mirror outcomes in README.md and this PROMPT (do not rewrite SEED unless the scope resets).
+1. Build upon the base tooling with {{toolbox_name}}-specific additions; mirror outcomes in README.md and this PROMPT.
 2. Prefer aqua-managed CLIs and mise-managed runtimes for reproducibility.
 3. After each tooling change, update README/PROMPT, run ./build.sh, commit (Conventional Commit message, focused diff), and push only once the build succeeds per ../PROMPT.
 4. Record verification steps (build/test commands) as they are performed.
 5. Maintain UID/GID mapping and non-root execution.

 Active focus:
- Initialize {{toolbox_name}} using the toolbox-template scaffolding; evolve the Dockerfile/tooling inventory to satisfy the SEED goals.
+- Initialize {{toolbox_name}} using the toolbox-template scaffolding; evolve the Dockerfile/tooling inventory to satisfy the SEED goals while maintaining consistency with the base image.
--- a/ToolboxStack/output/toolbox-template/SEED
+++ b/ToolboxStack/output/toolbox-template/SEED
@@ -1,3 +1,6 @@
- TODO: describe what this toolbox should provide (languages, CLIs, workflows).
- TODO: list required base image modifications or additional mounts.
- TODO: note verification or testing expectations specific to this toolbox.
+- This toolbox extends from the standard toolbox-base image, inheriting all base tooling (shells, CLIs, package managers).
+- Add {{toolbox_name}}-specific tools via aqua.yaml, Dockerfile, or mise configurations.
+- Document any additional host directory mounts needed in docker-compose.yml.
+- Ensure all tooling is compatible with the non-root toolbox user and UID/GID mapping.
+- Update README.md to document {{toolbox_name}}-specific features and tooling.
+- Follow the same build and run patterns as the base image for consistency.
--- a/ToolboxStack/output/toolbox-template/aqua.yaml
+++ b/ToolboxStack/output/toolbox-template/aqua.yaml
@@ -0,0 +1,8 @@
+version: 1.0.0
+registries:
+  - type: standard
+    ref: v4.431.0
+packages:
+  # Add additional packages specific to your toolbox here
+  # Example:
+  # - name: cli/cli@v2.82.1
--- a/ToolboxStack/output/toolbox-template/build.sh
+++ b/ToolboxStack/output/toolbox-template/build.sh
@@ -2,7 +2,20 @@

 set -euo pipefail

-IMAGE_NAME="tsysdevstack-toolboxstack-{{toolbox_name}}"
+# Validate dependencies
+if ! command -v docker &> /dev/null; then
+    echo "Error: docker is required but not installed." >&2
+    exit 1
+fi
+
+if ! docker buildx version &> /dev/null; then
+    echo "Error: docker buildx is required but not available." >&2
+    exit 1
+fi
+
+# Get the toolbox name from the directory name (or you can pass it as an argument)
+TOOLBOX_NAME="${TOOLBOX_NAME_OVERRIDE:-$(basename "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")}"
+IMAGE_NAME="tsysdevstack-toolboxstack-${TOOLBOX_NAME#toolbox-}"
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

 USER_ID="${USER_ID_OVERRIDE:-$(id -u)}"
@@ -15,13 +28,16 @@ CACHE_DIR="${SCRIPT_DIR}/.build-cache"
 echo "Building ${IMAGE_NAME} with UID=${USER_ID} GID=${GROUP_ID} USERNAME=${USERNAME}"

 if ! docker buildx inspect "${BUILDER_NAME}" >/dev/null 2>&1; then
+    echo "Creating builder: ${BUILDER_NAME}"
    docker buildx create --driver docker-container --name "${BUILDER_NAME}" --use >/dev/null
 else
+    echo "Using existing builder: ${BUILDER_NAME}"
    docker buildx use "${BUILDER_NAME}" >/dev/null
 fi

 mkdir -p "${CACHE_DIR}"

+echo "Starting build..."
 docker buildx build \
    --builder "${BUILDER_NAME}" \
    --load \
@@ -34,3 +50,13 @@ docker buildx build \
    --cache-to "type=local,dest=${CACHE_DIR},mode=max" \
    --tag "${IMAGE_NAME}" \
    "${SCRIPT_DIR}"
+
+echo "Build completed successfully."
+
+# Run security scan if TRIVY is available
+if command -v trivy &> /dev/null; then
+    echo "Running security scan with Trivy..."
+    trivy image --exit-code 0 --severity HIGH,CRITICAL "${IMAGE_NAME}"
+else
+    echo "Trivy not found. Install Trivy to perform security scanning."
+fi
--- a/ToolboxStack/output/toolbox-template/docker-compose.yml
+++ b/ToolboxStack/output/toolbox-template/docker-compose.yml
@@ -18,3 +18,14 @@ services:
      - .:/workspace:rw
      - ${HOME}/.local/share/mise:/home/toolbox/.local/share/mise:rw
      - ${HOME}/.cache/mise:/home/toolbox/.cache/mise:rw
+      # AI CLI tool configuration and cache directories
+      - ${HOME}/.config/openai:/home/toolbox/.config/openai:rw
+      - ${HOME}/.config/gemini:/home/toolbox/.config/gemini:rw
+      - ${HOME}/.config/qwen:/home/toolbox/.config/qwen:rw
+      - ${HOME}/.config/code:/home/toolbox/.config/code:rw
+      - ${HOME}/.config/opencode:/home/toolbox/.config/opencode:rw
+      - ${HOME}/.cache/openai:/home/toolbox/.cache/openai:rw
+      - ${HOME}/.cache/gemini:/home/toolbox/.cache/gemini:rw
+      - ${HOME}/.cache/qwen:/home/toolbox/.cache/qwen:rw
+      - ${HOME}/.cache/code:/home/toolbox/.cache/code:rw
+      - ${HOME}/.cache/opencode:/home/toolbox/.cache/opencode:rw
--- a/ToolboxStack/output/toolbox-template/run.sh
+++ b/ToolboxStack/output/toolbox-template/run.sh
@@ -2,6 +2,17 @@

 set -euo pipefail

+# Validate dependencies
+if ! command -v docker &> /dev/null; then
+    echo "Error: docker is required but not installed." >&2
+    exit 1
+fi
+
+if ! command -v docker compose &> /dev/null; then
+    echo "Error: docker compose is required but not installed." >&2
+    exit 1
+fi
+
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 COMPOSE_FILE="${SCRIPT_DIR}/docker-compose.yml"

@@ -18,15 +29,21 @@ ACTION="${1:-up}"
 shift || true

 if [[ "${ACTION}" == "up" ]]; then
+    # Create necessary directories for the toolbox tools
    mkdir -p "${HOME}/.local/share/mise" "${HOME}/.cache/mise"
+    mkdir -p "${HOME}/.config" "${HOME}/.local/share"
+    mkdir -p "${HOME}/.cache/openai" "${HOME}/.cache/gemini" "${HOME}/.cache/qwen" "${HOME}/.cache/code" "${HOME}/.cache/opencode"
+    mkdir -p "${HOME}/.config/openai" "${HOME}/.config/gemini" "${HOME}/.config/qwen" "${HOME}/.config/code" "${HOME}/.config/opencode"
 fi

 case "${ACTION}" in
    up)
        docker compose -f "${COMPOSE_FILE}" up --build --detach "$@"
+        echo "Container started. Use 'docker exec -it $(basename "$SCRIPT_DIR" | sed 's/toolbox-//') zsh' to access the shell."
        ;;
    down)
        docker compose -f "${COMPOSE_FILE}" down "$@"
+        echo "Container stopped."
        ;;
    *)
        echo "Usage: $0 [up|down] [additional docker compose args]" >&2