From 0edb26e39185e17dcd31a96a66fb09c4ee6270f6 Mon Sep 17 00:00:00 2001 From: Andrea Luzzardi Date: Mon, 14 Jul 2025 15:17:38 -0700 Subject: [PATCH 1/4] WIP: claude: do not rely on a rule to use CU Signed-off-by: Andrea Luzzardi --- AGENT.md | 6 ------ mcpserver/args.go | 10 +++++++--- mcpserver/tools.go | 9 ++++++--- 3 files changed, 13 insertions(+), 12 deletions(-) diff --git a/AGENT.md b/AGENT.md index be83fffd..c4c60326 100644 --- a/AGENT.md +++ b/AGENT.md @@ -2,12 +2,6 @@ This is a development environment for container-use, a CLI tool that provides co container-use is designed to work with MCP-compatible agents like Claude Code and Cursor. -ENVIRONMENT: - -- ALWAYS use ONLY Environments for ANY and ALL file, code, or shell operations—NO EXCEPTIONS—even for simple or generic requests. -- DO NOT install or use the git cli with the environment_run_cmd tool. All environment tools will handle git operations for you. Changing ".git" yourself will compromise the integrity of your environment. -- You MUST inform the user how to view your work using `cu log ` AND `cu checkout `. Failure to do this will make your work inaccessible to others. - DEVELOPMENT WORKFLOW: - Build: Use 'go build -o container-use ./cmd/container-use' or 'dagger call build --platform=current export --path ./container-use' diff --git a/mcpserver/args.go b/mcpserver/args.go index aa343200..ddc50fb3 100644 --- a/mcpserver/args.go +++ b/mcpserver/args.go @@ -1,6 +1,10 @@ package mcpserver -import "github.com/mark3labs/mcp-go/mcp" +import ( + "fmt" + + "github.com/mark3labs/mcp-go/mcp" +) var ( explainationArgument = mcp.WithString("explanation", @@ -11,7 +15,7 @@ var ( mcp.Required(), ) environmentIDArgument = mcp.WithString("environment_id", - mcp.Description("The ID of the environment for this command. Must call `environment_create` first."), + mcp.Description("The ID of the environment for this command."), mcp.Required(), ) ) @@ -29,7 +33,7 @@ func newRepositoryTool(name string, description string, args ...mcp.ToolOption) func newEnvironmentTool(name string, description string, args ...mcp.ToolOption) mcp.Tool { opts := []mcp.ToolOption{ - mcp.WithDescription(description), + mcp.WithDescription(fmt.Sprintf("%s\n\nMust call `environment_open` or `environment_create` before the environment can be manipulated.", description)), explainationArgument, environmentSourceArgument, environmentIDArgument, diff --git a/mcpserver/tools.go b/mcpserver/tools.go index 1433ab24..8fd060be 100644 --- a/mcpserver/tools.go +++ b/mcpserver/tools.go @@ -224,9 +224,12 @@ var EnvironmentOpenTool = &Tool{ var EnvironmentCreateTool = &Tool{ Definition: newRepositoryTool( "environment_create", - `Creates a new development environment. -The environment is the result of a the setups commands on top of the base image. -Environment configuration is managed by the user via cu config commands.`, + `ALWAYS use ONLY Environments for ANY and ALL file, code, or shell operations—NO EXCEPTIONS—even for simple or generic requests. +NEVER use built-in tools as they are UNSAFE. + +DO NOT install or use the git cli with the environment_run_cmd tool. All environment tools will handle git operations for you. Changing ".git" yourself will compromise the integrity of your environment. + +You MUST inform the user how to view your work using "container-use log " AND "container-use checkout ". Failure to do this will make your work inaccessible to others.`, mcp.WithString("title", mcp.Description("Short description of the work that is happening in this environment."), mcp.Required(), From 38e5af9bb30dc34723c085ae9ebc52f9446dc306 Mon Sep 17 00:00:00 2001 From: Andrea Luzzardi Date: Mon, 14 Jul 2025 15:38:14 -0700 Subject: [PATCH 2/4] claude config: block built-in tools, don't install rules Signed-off-by: Andrea Luzzardi --- cmd/container-use/agent/configure_claude.go | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/cmd/container-use/agent/configure_claude.go b/cmd/container-use/agent/configure_claude.go index 6befb4c3..4de35be9 100644 --- a/cmd/container-use/agent/configure_claude.go +++ b/cmd/container-use/agent/configure_claude.go @@ -7,8 +7,6 @@ import ( "os/exec" "path/filepath" "strings" - - "github.com/dagger/container-use/rules" ) type ConfigureClaude struct { @@ -77,7 +75,22 @@ func (c *ConfigureClaude) editMcpConfig() error { func (c *ConfigureClaude) updateSettingsLocal(config ClaudeSettingsLocal) ([]byte, error) { // Initialize permissions map if nil if config.Permissions == nil { - config.Permissions = &ClaudePermissions{Allow: []string{}} + config.Permissions = &ClaudePermissions{ + Allow: []string{}, + Deny: []string{}, + } + } + + // FIXME(aluzzardi): I don't know what I'm doing at this point. + // This should be revisited, and we should merge this with what the user already has? + config.Permissions.Deny = []string{ + "LS", + "Read", + "Edit", + "MultiEdit", + "Write", + "Bash", + "Search", } // remove save non-container-use items from allow @@ -102,7 +115,7 @@ func (c *ConfigureClaude) updateSettingsLocal(config ClaudeSettingsLocal) ([]byt } func (c *ConfigureClaude) editRules() error { - return saveRulesFile("CLAUDE.md", rules.AgentRules) + return nil } func (c *ConfigureClaude) isInstalled() bool { From 34ed9218712aaf83a165dd008d2ddd81b4ab65db Mon Sep 17 00:00:00 2001 From: Andrea Luzzardi Date: Mon, 14 Jul 2025 16:01:47 -0700 Subject: [PATCH 3/4] claude config: block more tools Signed-off-by: Andrea Luzzardi --- cmd/container-use/agent/configure_claude.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cmd/container-use/agent/configure_claude.go b/cmd/container-use/agent/configure_claude.go index 4de35be9..4ae05dd7 100644 --- a/cmd/container-use/agent/configure_claude.go +++ b/cmd/container-use/agent/configure_claude.go @@ -85,7 +85,11 @@ func (c *ConfigureClaude) updateSettingsLocal(config ClaudeSettingsLocal) ([]byt // This should be revisited, and we should merge this with what the user already has? config.Permissions.Deny = []string{ "LS", + "Glob", + "Grep", "Read", + "NotebookRead", + "NotebookEdit", "Edit", "MultiEdit", "Write", From e89d94974ea63b8b5718e97e842a33a03633f338 Mon Sep 17 00:00:00 2001 From: Connor Braa Date: Tue, 15 Jul 2025 13:18:49 -0700 Subject: [PATCH 4/4] thinner, more consistent instructions for environment ID management and git behavior Signed-off-by: Connor Braa --- mcpserver/args.go | 19 ++++++++++++------- mcpserver/tools.go | 9 ++------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/mcpserver/args.go b/mcpserver/args.go index ddc50fb3..71344ed9 100644 --- a/mcpserver/args.go +++ b/mcpserver/args.go @@ -1,13 +1,18 @@ package mcpserver import ( - "fmt" + "strings" "github.com/mark3labs/mcp-go/mcp" ) +const ( + repositoryToolSuffix = "You MUST tell the user how to view environment changes using \"container-use log \", \"container-use diff \", AND \"container-use checkout \". Failure to do so will make your work completely inaccessible." + environmentToolSuffix = "You must call `environment_create` or `environment_open` to obtain a valid environment_id value. LLM-generated environment IDs WILL cause task failure." +) + var ( - explainationArgument = mcp.WithString("explanation", + explanationArgument = mcp.WithString("explanation", mcp.Description("One sentence explanation for why this directory is being listed."), ) environmentSourceArgument = mcp.WithString("environment_source", @@ -15,15 +20,15 @@ var ( mcp.Required(), ) environmentIDArgument = mcp.WithString("environment_id", - mcp.Description("The ID of the environment for this command."), + mcp.Description("The ID of the environment for this command. DO NOT generate environment_id values."), mcp.Required(), ) ) func newRepositoryTool(name string, description string, args ...mcp.ToolOption) mcp.Tool { opts := []mcp.ToolOption{ - mcp.WithDescription(description), - explainationArgument, + mcp.WithDescription(strings.Join([]string{description, repositoryToolSuffix}, "\n\n")), + explanationArgument, environmentSourceArgument, } opts = append(opts, args...) @@ -33,8 +38,8 @@ func newRepositoryTool(name string, description string, args ...mcp.ToolOption) func newEnvironmentTool(name string, description string, args ...mcp.ToolOption) mcp.Tool { opts := []mcp.ToolOption{ - mcp.WithDescription(fmt.Sprintf("%s\n\nMust call `environment_open` or `environment_create` before the environment can be manipulated.", description)), - explainationArgument, + mcp.WithDescription(strings.Join([]string{description, environmentToolSuffix}, "\n\n")), + explanationArgument, environmentSourceArgument, environmentIDArgument, } diff --git a/mcpserver/tools.go b/mcpserver/tools.go index 8fd060be..5d2b25f9 100644 --- a/mcpserver/tools.go +++ b/mcpserver/tools.go @@ -224,12 +224,7 @@ var EnvironmentOpenTool = &Tool{ var EnvironmentCreateTool = &Tool{ Definition: newRepositoryTool( "environment_create", - `ALWAYS use ONLY Environments for ANY and ALL file, code, or shell operations—NO EXCEPTIONS—even for simple or generic requests. -NEVER use built-in tools as they are UNSAFE. - -DO NOT install or use the git cli with the environment_run_cmd tool. All environment tools will handle git operations for you. Changing ".git" yourself will compromise the integrity of your environment. - -You MUST inform the user how to view your work using "container-use log " AND "container-use checkout ". Failure to do this will make your work inaccessible to others.`, + "Create a new environment for environment_source development.\n\nALWAYS use ONLY Environments for ANY and ALL file, code, or shell operations— NO EXCEPTIONS— even for simple or generic requests. NEVER use built-in tools as they are UNSAFE.", mcp.WithString("title", mcp.Description("Short description of the work that is happening in this environment."), mcp.Required(), @@ -424,7 +419,7 @@ var EnvironmentListTool = &Tool{ var EnvironmentRunCmdTool = &Tool{ Definition: newEnvironmentTool( "environment_run_cmd", - "Run a terminal command inside a NEW container within the environment.", + "Run a terminal command inside a NEW container within the environment. Any changes to the working directory's git state (/workdir/.git) will be discarded.", mcp.WithString("command", mcp.Description("The terminal command to execute. If empty, the environment's default command is used."), ),