This commit introduces the complete toolbox-qadocker implementation with the following features:

- Creates a minimal Docker image specifically for auditing Docker images
- Does not use toolbox-base as foundation (bootstrap purpose)
- Includes essential audit tools: hadolint, shellcheck, trivy, dive, docker client, buildctl
- Adds additional tooling: dockerlint and Node.js for extended capabilities
- Implements custom audit script to check for minimal root usage in Dockerfiles
- Ensures proper user permissions with non-root qadocker user
- Includes build.sh, run.sh, docker-compose.yml for complete workflow
- Provides comprehensive README and PROMPT documentation
- Adds QA test script for validation
- Creates run-audit.sh for easy Dockerfile analysis
- Optimized for fast rebuilds and effective Dockerfile validation
- Configured to check for best practices regarding root usage
- Ready to audit toolbox-base and other custom toolboxes

This bootstrap image is designed to audit Docker images in the TSYSDevStack ecosystem, ensuring they follow security best practices, particularly regarding minimal root usage in builds.
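To illustrate the kind of root-usage check the commit message describes, here is an added POSIX shell example; it is not the toolbox-qadocker audit script itself, and it assumes a plain Dockerfile (it does not resolve `ARG`/`ENV` variables inside `USER`). It counts how many `RUN` instructions execute as root per stage and fails when the final stage never drops privileges.

```sh
# Added example, not the toolbox-qadocker audit script itself: report how much of
# a Dockerfile build runs as root and fail when the final stage stays root.
set -eu

# Prints "stages=N run_total=N run_as_root=N final_user=U" for the file given.
# Returns 1 when the final USER is root (or uid 0), 0 otherwise. Handles
# backslash continuations, comments, USER user:group forms and FROM resets.
audit_dockerfile_root() {
  file=$1; logical=""; current_user=root; root_runs=0; total_runs=0; stages=0
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      *\\) stripped=${line%?}; logical="$logical$stripped "; continue ;;  # join continued lines
    esac
    logical="$logical$line"
    instr=$(printf '%s\n' "$logical" | sed 's/^[[:space:]]*//; s/[[:space:]].*//' \
            | tr '[:lower:]' '[:upper:]')
    args=$(printf '%s\n' "$logical" | sed 's/^[[:space:]]*[^[:space:]]*[[:space:]]*//')
    logical=""
    case "$instr" in
      ""|"#"*) continue ;;                                # blank line or comment
      FROM) current_user=root; stages=$((stages + 1)) ;;  # each stage starts as root
      USER) current_user=$(printf '%s\n' "$args" | sed 's/:.*//; s/[[:space:]].*//') ;;
      RUN)
        total_runs=$((total_runs + 1))
        case "$current_user" in
          root|0) root_runs=$((root_runs + 1)) ;;
        esac ;;
    esac
  done < "$file"
  echo "stages=$stages run_total=$total_runs run_as_root=$root_runs final_user=$current_user"
  case "$current_user" in root|0) return 1 ;; esac
  return 0
}

# Constructed sample Dockerfile: root-heavy builder stage, non-root final stage.
write_sample_dockerfile() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
FROM ubuntu:24.04 AS builder
RUN apt-get update && \
    apt-get install -y build-essential
# compile step
RUN make -C /src

FROM ubuntu:24.04
RUN useradd -m qadocker
USER qadocker:qadocker
RUN echo "runs as qadocker"
EOF
  echo "$f"
}
```

Run `audit_dockerfile_root "$(write_sample_dockerfile)"` to see the summary line; a non-zero exit from the function is the signal a CI gate would act on.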
# 🧰 ToolboxStack
ToolboxStack provides reproducible developer workspaces for TSYSDevStack contributors. The current toolbox-base image captures the daily-driver container environment used across the project.
## Contents

| Area | Description | Path |
|---|---|---|
| Dev Container Image | Ubuntu 24.04 base with shell tooling, mise, aqua-managed CLIs, and Docker socket access. | `output/toolbox-base/Dockerfile` |
| Build Helpers | Wrapper scripts for building (`build.sh`) and running (`run.sh`) the Compose service. | `output/toolbox-base/` |
| Devcontainer Config | VS Code Remote Container definition referencing the Compose service. | `output/toolbox-base/.devcontainer/devcontainer.json` |
| Prompt & Docs | Onboarding prompt plus a feature-rich README for future collaborators. | `output/toolbox-base/PROMPT`, `output/toolbox-base/README.md` |
| Work Log | Comprehensive record of work conducted on the ToolboxStack component. | `collab/WORKLOG.md` |
| Collaboration Notes | Shared design prompts and coordination notes for toolbox evolution. | `collab/` |
## Quick Start

```bash
cd output/toolbox-base
./build.sh   # build the image with UID/GID matching your host
./run.sh up  # launch the toolbox-base service in the background
docker exec -it tsysdevstack-toolboxstack-toolbox-base zsh
```

Use `./run.sh down` to stop the container when you are finished.
## Contribution Tips

- Document every tooling change in both the `PROMPT` and `README.md`.
- Prefer installing CLIs via `aqua` and language runtimes via `mise` to keep the environment reproducible.
- Keep cache directories (`.build-cache/`, mise mounts) out of Git—they are already covered by the repo's `.gitignore`.
- Update the work log in `collab/WORKLOG.md` with detailed entries for all significant work.
- Follow the README maintenance guide in `collab/README-Maintenance.md` to keep documentation up to date.
## 🧭 Working Agreement

- Stacks stay in sync. When you add or modify automation, update both the relevant stack README and any linked prompts/docs.
- Collab vs Output. Use `collab/` for planning and prompts, keep runnable artifacts under `output/`.
- Document forward. New workflows should land alongside tests and a short entry in the appropriate README table.
- AI Agent Coordination. Use Qwen agents for documentation updates, code changes, and maintaining consistency across stacks.
- Work Log Maintenance. Keep `collab/WORKLOG.md` up to date with detailed entries including timestamps, activities, challenges, solutions, learnings, and feelings.
## 🤖 AI Agent
This stack is maintained by ToolboxBot, an AI agent focused on ToolboxStack workspace management.
## 📄 License

See `LICENSE` for full terms. Contributions are welcome—open a discussion in the relevant stack's `collab/` area to kick things off.