build(agent-job): pin Claude Code CLI; smoke one turn per runtime

Add @anthropic-ai/claude-code@2.1.207 to the job image global npm install,
extend the smoke script with claude --version plus a documented per-runtime
turn block, and reconcile OpenCode/Claude adapter flags against the real CLIs
(all assumed flags confirmed). Document the anthropic_oauth_json credential
snapshot pattern in the README.
This commit is contained in:
Gabriel Brown
2026-07-11 11:25:44 -04:00
parent 702e53a4ba
commit 424307c5af
5 changed files with 26 additions and 10 deletions
+8 -3
View File
@@ -206,8 +206,9 @@ SPOON_AGENT_JOB_IMAGE="git.gbrown.org/gib/spoon-agent-job:latest"
```
The job image includes Node 22, Bun, pnpm and yarn through Corepack, npm, git,
ripgrep, Python, build tools, OpenCode, and the Codex CLI. It is not the forked
project's production runtime; it is the agent execution environment.
ripgrep, Python, build tools, OpenCode, the Codex CLI, and the Claude Code CLI.
It is not the forked project's production runtime; it is the agent execution
environment.
Production worker runtime requirements:
@@ -255,7 +256,11 @@ Deployment readiness checklist:
API-key based AI provider profiles run through OpenCode. Codex ChatGPT login
profiles run through the Codex CLI: Spoon writes the encrypted `auth.json` into
the isolated job workspace as `CODEX_HOME/.codex/auth.json` before execution.
Treat that saved auth file like a password and only use it on trusted workers.
Anthropic profiles run through the Claude Code CLI: API-key profiles authenticate
via `ANTHROPIC_API_KEY`, while `anthropic_oauth_json` credential-snapshot profiles
have their encrypted OAuth blob written into the isolated job workspace as
`~/.claude/.credentials.json` before execution. Treat those saved auth files like
a password and only use them on trusted workers.
</details>