Scripts Reference
Overview
The scripts/ directory contains 8 shell scripts for container lifecycle management, build verification, and cluster setup. All scripts use set -euo pipefail for strict error handling and include inline documentation headers.
Container Lifecycle Scripts
entrypoint.sh
Container entrypoint dispatched by tini. Validates operating mode, checks for credentials in the PVC (from a previous /login), stages DevOps skills from /opt/ into the PVC, generates CLAUDE.md with cluster context, then exec's into Claude Code.
Modes: interactive (REPL), remote-control (phone/web access), headless (one-shot prompt with JSON output).
CLAUDE_TEST_MODE bypass: Skips auth and Claude startup, runs sleep infinity for CI.
healthcheck.sh
Liveness probe for both Docker HEALTHCHECK and Kubernetes exec probe. Uses pgrep -f "claude" to check if the Claude Code process is running. Lightweight -- single pgrep call.
Exit codes: 0 = alive (or CLAUDE_TEST_MODE=true), 1 = no Claude process found (container restarted).
readiness.sh
Kubernetes readiness probe. Runs claude auth status to verify the session credentials are valid.
Exit codes: 0 = authenticated and ready (or CLAUDE_TEST_MODE=true), 1 = not authenticated. Probe periodSeconds should be 30s+ to avoid overlapping auth-check subprocesses.
generate-claude-md.sh
Generates /app/CLAUDE.md at container startup by querying the Kubernetes API for cluster metadata (K8s version, node count, namespace, pod name). Runs idempotently on every start via entrypoint.sh.
Standalone fallback: If no ServiceAccount token exists (Docker Compose or local Docker), writes a minimal CLAUDE.md without cluster context.
Build & Verification Scripts
verify-tools.sh
Validates all 32+ installed tools. Run during the Docker build (RUN verify-tools.sh) and available at runtime for on-demand checks. Tests are organized by category: network, process/system, Kubernetes, data/log, database clients, security, standard utilities, and Claude Code.
Privileged tools (strace, tcpdump, perf, bpftrace) are checked for binary existence only (SKIP, not FAIL) since they require elevated capabilities.
helm-golden-test.sh
Golden file testing for the Helm chart. Renders helm template output and compares against stored golden files in helm/claude-in-a-box/tests/golden/. Any difference indicates an unintended change to the chart's rendered output, catching regressions from template logic changes.
Cluster Setup Scripts
install-calico.sh
Installs Calico CNI into a KIND cluster for NetworkPolicy enforcement. Handles the full lifecycle: install tigera-operator, wait for CRDs, apply custom resources, fix Felix Reverse Path Filtering for KIND nodes (FELIX_IGNORELOOSERPF=true), and restart CoreDNS to recover from pre-CNI scheduling.
setup-bats.sh
Installs BATS (Bash Automated Testing System) for local development. Clones bats-core into tests/bats/ and adds it to .gitignore. Not used in CI -- the CI workflow installs BATS via apt-get install bats.
Script Summary
| Script | Category | Used In | Purpose |
|---|---|---|---|
| entrypoint.sh | Lifecycle | Container | Validate auth, stage skills, dispatch to Claude mode |
| healthcheck.sh | Lifecycle | Container | Liveness probe (pgrep -f claude) |
| readiness.sh | Lifecycle | Container | Readiness probe (claude auth status) |
| generate-claude-md.sh | Lifecycle | Container | Generate CLAUDE.md with K8s cluster context |
| verify-tools.sh | Build | Container, CI | Validate all 32+ installed tools |
| helm-golden-test.sh | Build | Local Dev, CI | Golden file testing for Helm chart templates |
| install-calico.sh | Cluster Setup | Local Dev, CI | Install Calico CNI into KIND for NetworkPolicy |
| setup-bats.sh | Cluster Setup | Local Dev | Install BATS test framework locally |