Skip to content

refactor: API-first positioning, Python client library, and tests #17

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
abhishek-anand wants to merge 7 commits into
base: main
Choose a base branch
from
Open

refactor: API-first positioning, Python client library, and tests #17

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
ba53ee7
refactor: API-first positioning and Python client library
abhishek-anand Feb 2, 2026
b2177b1
test: add unit tests and container best practices
abhishek-anand Feb 2, 2026
87c161c
fix: graceful shutdown, refactor tests, and update install instructions
abhishek-anand Feb 2, 2026
ae745a3
Fix PR review issues: remove unused event, use specific exception
abhishek-anand Feb 2, 2026
c64db55
Add AI agents and cloud CLIs to container image
abhishek-anand Feb 4, 2026
b733e7c
Fix PR review issues: security and DRY
abhishek-anand Feb 4, 2026
cba73aa
fix: correct route ordering for deprecated session endpoints
abhishek-anand Feb 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 17 additions & 1 deletion .github/workflows/docker-build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,11 @@ on:
branches: [ main ]
release:
types: [ published ]
schedule:
# Every 48 hours at midnight UTC
- cron: '0 0 */2 * *'
workflow_dispatch:
# Manual trigger

env:
REGISTRY: docker.io
Expand Down Expand Up @@ -61,7 +66,18 @@ jobs:
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max


- name: Scan image for vulnerabilities
if: github.event_name != 'pull_request'
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:docker-latest
format: 'table'
exit-code: '0'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'

- name: Generate build summary
run: |
echo "## Docker Build Summary" >> $GITHUB_STEP_SUMMARY
Expand Down
41 changes: 41 additions & 0 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,47 @@ ENV PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
RUN npm install playwright@1.53.0 -g
RUN npx playwright@1.53.0 install

# --- AI Coding Agents ---
# Claude Code CLI (pinned to major version 1.x)
RUN npm install -g @anthropic-ai/claude-code@1

# OpenAI Codex CLI
RUN npm install -g @openai/codex

# Gemini CLI
RUN npm install -g @anthropic-ai/claude-code@1 && \
pip install --no-cache-dir google-generativeai
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist Bot Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The package @anthropic-ai/claude-code@1 is installed here, but it was already installed on line 112. This duplicate installation should be removed to reduce build time and image size.

Additionally, it's a Docker best practice to chain RUN commands to reduce the number of layers. You could combine the npm install commands for the AI agents into a single layer.

    pip install --no-cache-dir google-generativeai


# Cursor CLI (installs as 'agent' at ~/.local/bin)
RUN curl -fsSL https://cursor.com/install | bash && \
ln -sf /root/.local/bin/agent /usr/local/bin/cursor
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist Bot Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-high high

Piping the output of curl directly to bash is a significant security risk. The script from cursor.com/install is executed without any verification of its contents. If the source is compromised, this could lead to arbitrary code execution during the image build process.

A safer approach is to download the script to a file, verify its checksum if one is provided, and then execute it.


# --- Cloud CLIs ---
# AWS CLI v2
RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip" -o "awscliv2.zip" && \
unzip -q awscliv2.zip && \
./aws/install && \
rm -rf awscliv2.zip aws

# Google Cloud CLI
RUN echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | \
tee -a /etc/apt/sources.list.d/google-cloud-sdk.list && \
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | \
gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg && \
apt-get update && apt-get install -y google-cloud-cli && \
apt-get clean && rm -rf /var/lib/apt/lists/*

# GitHub CLI (gh)
RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | \
dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg && \
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | \
tee /etc/apt/sources.list.d/github-cli.list > /dev/null && \
apt-get update && apt-get install -y gh && \
apt-get clean && rm -rf /var/lib/apt/lists/*

# Azure CLI
RUN curl -sL https://aka.ms/InstallAzureCLIDeb | bash
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist Bot Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-high high

Similar to a previous comment, piping curl to bash from aka.ms/InstallAzureCLIDeb is a security risk. It executes a script from the internet without verification. While aka.ms is a Microsoft domain, the practice itself is insecure and should be avoided. The recommended way to install the Azure CLI is by following the official instructions which involve adding the Microsoft package repository, a more secure method.


# Copy the entrypoint script into the image
COPY entrypoint.sh /entrypoint.sh

Expand Down
Loading