From f97725a8360efca4d4202b49972da6074684a58e Mon Sep 17 00:00:00 2001
From: Kevin Stubbings <kwstubbs@github.com>
Date: Thu, 9 Oct 2025 00:56:54 -0700
Subject: [PATCH 1/2] Add devcontainer

---
 .devcontainer/Dockerfile        | 15 ++++++++
 .devcontainer/devcontainer.json | 62 +++++++++++++++++++++++++++++++++
 .devcontainer/post-create.sh    | 61 ++++++++++++++++++++++++++++++++
 3 files changed, 138 insertions(+)
 create mode 100644 .devcontainer/Dockerfile
 create mode 100644 .devcontainer/devcontainer.json
 create mode 100644 .devcontainer/post-create.sh

diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
new file mode 100644
index 0000000..fa30c2e
--- /dev/null
+++ b/.devcontainer/Dockerfile
@@ -0,0 +1,15 @@
+# Use Ubuntu 24.04 as base image to match the current environment
+FROM mcr.microsoft.com/devcontainers/base:ubuntu-24.04
+
+# Install system dependencies
+# Note: Python and Git are installed via devcontainer features
+RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
+    && apt-get -y install --no-install-recommends \
+    build-essential \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+# Set working directory
+WORKDIR /workspaces/seclab-taskflow-agent
+
+# The rest of the setup will be done in post-create script
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
new file mode 100644
index 0000000..0788011
--- /dev/null
+++ b/.devcontainer/devcontainer.json
@@ -0,0 +1,62 @@
+{
+  "name": "Seclab Taskflow Agent",
+  "build": {
+    "dockerfile": "Dockerfile",
+    "context": ".."
+  },
+  // Features to add to the dev container
+  "features": {
+    "ghcr.io/devcontainers/features/python:1": {
+      "version": "3.11",
+      "installTools": true
+    },
+    "ghcr.io/devcontainers/features/docker-in-docker:2": {
+      "version": "latest",
+      "dockerDashComposeVersion": "v2"
+    },
+    "ghcr.io/devcontainers/features/git:1": {
+      "version": "latest"
+    },
+    "ghcr.io/devcontainers/features/github-cli:1": {
+      "version": "latest"
+    }
+  },
+  // Configure tool-specific properties
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "ms-python.python",
+        "ms-python.vscode-pylance",
+        "redhat.vscode-yaml",
+        "GitHub.copilot",
+        "GitHub.copilot-chat",
+        "ms-azuretools.vscode-docker"
+      ],
+      "settings": {
+        "python.defaultInterpreterPath": "${workspaceFolder}/.venv/bin/python",
+        "python.terminal.activateEnvironment": true
+      }
+    }
+  },
+  // Use 'forwardPorts' to make a list of ports inside the container available locally
+  "forwardPorts": [],
+  // Use 'postCreateCommand' to run commands after the container is created
+  "postCreateCommand": "bash .devcontainer/post-create.sh",
+  // Use 'postStartCommand' to run commands when the container starts
+  // "postStartCommand": "",
+  // Environment variables
+  "containerEnv": {
+    "PYTHONUNBUFFERED": "1"
+  },
+  // Mount the Docker socket for Docker-in-Docker functionality
+  "mounts": [
+    "source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind"
+  ],
+  // Set the user to use in the container (non-root)
+  "remoteUser": "vscode",
+  // Grant the container access to the host's Docker daemon
+  "runArgs": [
+    "--privileged",
+    "--init"
+  ]
+}
\ No newline at end of file
diff --git a/.devcontainer/post-create.sh b/.devcontainer/post-create.sh
new file mode 100644
index 0000000..5958819
--- /dev/null
+++ b/.devcontainer/post-create.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+set -e
+
+echo "🚀 Setting up Seclab Taskflow Agent development environment..."
+
+# Create Python virtual environment
+echo "📦 Creating Python virtual environment..."
+python3 -m venv .venv
+
+# Activate virtual environment and install dependencies
+echo "📥 Installing Python dependencies..."
+source .venv/bin/activate
+python -m pip install --upgrade pip
+python -m pip install -r requirements.txt
+
+# Create .env file if it doesn't exist
+if [ ! -f .env ]; then
+    echo "📝 Creating .env template..."
+    cat > .env << 'EOF'
+# GitHub Copilot Token (required)
+# Get a token from a GitHub account with Copilot access
+COPILOT_TOKEN=
+
+# Optional: GitHub Personal Access Token for GitHub MCP tools
+GITHUB_PERSONAL_ACCESS_TOKEN=
+
+# Optional: CodeQL database base path
+CODEQL_DBS_BASE_PATH=/workspaces/seclab-taskflow-agent/my_data
+
+# Optional: MCP server configurations
+# Add any additional environment variables needed for your MCP servers here
+
+EOF
+    echo "⚠️  Please configure your .env file with required tokens!"
+fi
+
+# If running in Codespaces, add secrets to .env
+if [ -n "$CODESPACES" ]; then
+    echo "🔐 Running in Codespaces - injecting secrets from Codespaces settings..."
+    if [ -n "$COPILOT_TOKEN" ]; then
+        echo "COPILOT_TOKEN=${COPILOT_TOKEN}" >> .env
+        echo "✅ COPILOT_TOKEN added from Codespaces secrets"
+    fi
+    if [ -n "$GITHUB_PERSONAL_ACCESS_TOKEN" ]; then
+        echo "GITHUB_PERSONAL_ACCESS_TOKEN=${GITHUB_PERSONAL_ACCESS_TOKEN}" >> .env
+        echo "✅ GITHUB_PERSONAL_ACCESS_TOKEN added from Codespaces secrets"
+    fi
+fi
+
+# Create logs directory if it doesn't exist
+mkdir -p logs
+
+# Create optional data directories
+mkdir -p my_data
+
+echo "✅ Development environment setup complete!"
+echo ""
+echo "📋 Next steps:"
+echo "Configure your .env file with COPILOT_TOKEN"
+echo ""
+echo "💡 Remember to activate the virtual environment: source .venv/bin/activate"

From 3b30d1b7b6606b0b1f41d6a1b97d28edf73b0027 Mon Sep 17 00:00:00 2001
From: Kevin Stubbings <kwstubbs@github.com>
Date: Thu, 9 Oct 2025 22:33:58 -0700
Subject: [PATCH 2/2] Remove initial docker in docker support and don't
 encourage .env use for secrets

---
 .devcontainer/devcontainer.json |  8 -------
 .devcontainer/post-create.sh    | 38 +++++++++++----------------------
 2 files changed, 13 insertions(+), 33 deletions(-)

diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 0788011..f4634da 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -10,10 +10,6 @@
       "version": "3.11",
       "installTools": true
     },
-    "ghcr.io/devcontainers/features/docker-in-docker:2": {
-      "version": "latest",
-      "dockerDashComposeVersion": "v2"
-    },
     "ghcr.io/devcontainers/features/git:1": {
       "version": "latest"
     },
@@ -48,10 +44,6 @@
   "containerEnv": {
     "PYTHONUNBUFFERED": "1"
   },
-  // Mount the Docker socket for Docker-in-Docker functionality
-  "mounts": [
-    "source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind"
-  ],
   // Set the user to use in the container (non-root)
   "remoteUser": "vscode",
   // Grant the container access to the host's Docker daemon
diff --git a/.devcontainer/post-create.sh b/.devcontainer/post-create.sh
index 5958819..02f7c1a 100644
--- a/.devcontainer/post-create.sh
+++ b/.devcontainer/post-create.sh
@@ -13,38 +13,27 @@ source .venv/bin/activate
 python -m pip install --upgrade pip
 python -m pip install -r requirements.txt
 
+# If running in Codespaces, check for necessary secrets and print error if missing
+if [ -n "$CODESPACES" ]; then
+    echo "🔐 Running in Codespaces - injecting secrets from Codespaces settings..."
+    if [ -n "$COPILOT_TOKEN" ]; then
+        echo "Running in Codespaces - please add COPILOT_TOKEN to your Codespaces secrets"
+    fi
+    if [ -n "$GITHUB_AUTH_HEADER" ]; then
+        echo "Running in Codespaces - please add GITHUB_AUTH_HEADER to your Codespaces secrets"
+    fi
+fi
+
 # Create .env file if it doesn't exist
 if [ ! -f .env ]; then
     echo "📝 Creating .env template..."
     cat > .env << 'EOF'
-# GitHub Copilot Token (required)
-# Get a token from a GitHub account with Copilot access
-COPILOT_TOKEN=
-
-# Optional: GitHub Personal Access Token for GitHub MCP tools
-GITHUB_PERSONAL_ACCESS_TOKEN=
 
 # Optional: CodeQL database base path
 CODEQL_DBS_BASE_PATH=/workspaces/seclab-taskflow-agent/my_data
 
-# Optional: MCP server configurations
-# Add any additional environment variables needed for your MCP servers here
-
 EOF
-    echo "⚠️  Please configure your .env file with required tokens!"
-fi
-
-# If running in Codespaces, add secrets to .env
-if [ -n "$CODESPACES" ]; then
-    echo "🔐 Running in Codespaces - injecting secrets from Codespaces settings..."
-    if [ -n "$COPILOT_TOKEN" ]; then
-        echo "COPILOT_TOKEN=${COPILOT_TOKEN}" >> .env
-        echo "✅ COPILOT_TOKEN added from Codespaces secrets"
-    fi
-    if [ -n "$GITHUB_PERSONAL_ACCESS_TOKEN" ]; then
-        echo "GITHUB_PERSONAL_ACCESS_TOKEN=${GITHUB_PERSONAL_ACCESS_TOKEN}" >> .env
-        echo "✅ GITHUB_PERSONAL_ACCESS_TOKEN added from Codespaces secrets"
-    fi
+    echo "⚠️  Please configure the enviroment or your .env file with required tokens!"
 fi
 
 # Create logs directory if it doesn't exist
@@ -56,6 +45,5 @@ mkdir -p my_data
 echo "✅ Development environment setup complete!"
 echo ""
 echo "📋 Next steps:"
-echo "Configure your .env file with COPILOT_TOKEN"
-echo ""
+echo "Configure your environment with COPILOT_TOKEN and GITHUB_AUTH_HEADER as needed."
 echo "💡 Remember to activate the virtual environment: source .venv/bin/activate"