Migrate Claude harness from builtin to container-script provisioning #109

Closed: scion-gteam[bot] wants to merge 1 commit into main from scion/cleanup-container-script-provisioning

@scion-gteam scion-gteam Bot commented May 31, 2026

Summary

  • Migrate the Claude harness from the compiled-in builtin provisioner to the extensible container-script model, matching what OpenCode and Codex already use
  • Add provision.py for Claude that handles auth resolution, API key pre-approval, project path setup, and MCP server translation
  • Add comprehensive parity tests and Python integration tests

Refs #100

What changed

pkg/harness/claude/embeds/config.yaml: Changed provisioner.type from builtin to container-script and added MCP capabilities block.

pkg/harness/claude/embeds/provision.py (new): Container-side provisioner script handling:

  • Auth resolution with Claude's 4-way precedence (API key → OAuth token → auth-file → Vertex AI)
  • API key pre-approval fingerprint in .claude.json (mirrors ClaudeCode.ApplyAuthSettings)
  • Project workspace path setup in .claude.json (mirrors ClaudeCode.provisionClaudeJSON)
  • MCP server translation using scion_harness.apply_mcp_servers_simple()
  • Auth env var overlay output for the runtime

pkg/harness/claude_parity_test.go (new): 11 tests covering:

  • Seed/embed verification (TestClaudeEmbedsSeedRootSupportFiles)
  • Activate-script idempotency (TestClaudeActivateScriptIsIdempotent)
  • ContainerScriptHarness vs ClaudeCode parity (TestClaudeContainerScriptHarnessParity)
  • Bundle staging and reconciliation
  • Python script integration: happy path, no-creds, API key approval, Vertex AI, MCP

What remains (tracked in #100)

  • Gemini harness: Still on builtin; needs its own provision.py (follow-up PR)
  • Retire builtin path: Once all harnesses migrate, remove newBuiltin() from resolve.go and the compiled provisioning methods

The compiled ClaudeCode harness is intentionally kept as a fallback for existing installations that haven't upgraded their harness-config.

Test plan

  • All 11 new parity/integration tests pass
  • All existing Claude tests still pass (no regressions)
  • All other harness tests pass (OpenCode, Codex, Gemini parity tests)
  • go vet ./pkg/harness/... clean
  • go build ./... succeeds

Move the Claude harness from the compiled-in builtin provisioner to the
extensible container-script model, matching what OpenCode and Codex
already use. This is the first concrete step in retiring the builtin
provisioner path (refs #100).

The container-side provision.py handles:
- Auth resolution with Claude's 4-way precedence
  (API key → OAuth token → auth-file → Vertex AI)
- API key pre-approval fingerprint in .claude.json
- Project workspace path setup in .claude.json
- MCP server translation via scion_harness helper
- Auth env var overlay output for the runtime

The compiled ClaudeCode harness is kept intact as a fallback for
existing installations that haven't upgraded their harness-config.

Includes parity tests and Python integration tests that verify the
script produces identical outputs to the compiled harness.
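
The 4-way precedence listed above (API key → OAuth token → auth-file → Vertex AI), as an added example that is not the PR's provision.py. The environment variable names, the `resolve_auth`, `redact` and `describe` helpers, and the overlay shape are assumptions; the sketch shows the overlay clearing lower-priority credentials and failing closed when none is present.

```python
"""Added illustration of a 4-way credential precedence resolver (hypothetical)."""
import os

# Assumed inputs: the PR does not list the variable names provision.py reads.
API_KEY_VAR = "ANTHROPIC_API_KEY"
OAUTH_VAR = "CLAUDE_CODE_OAUTH_TOKEN"
VERTEX_VARS = ("CLAUDE_CODE_USE_VERTEX", "ANTHROPIC_VERTEX_PROJECT_ID", "CLOUD_ML_REGION")
ALL_AUTH_VARS = (API_KEY_VAR, OAUTH_VAR) + VERTEX_VARS


def redact(secret):
    """Return a log-safe form of a secret: length plus last 4 characters."""
    return f"<{len(secret)} chars, ends ...{secret[-4:]}>" if len(secret) > 8 else "<redacted>"


def resolve_auth(env, auth_file):
    """Pick exactly one method: API key > OAuth token > auth-file > Vertex AI.

    Returns (method, overlay). The overlay maps every known auth variable to
    its value or to None (meaning "unset in the runtime"), so a lower-priority
    credential that is also present never reaches the harness process.
    """
    overlay = dict.fromkeys(ALL_AUTH_VARS)  # start with everything unset
    if env.get(API_KEY_VAR, "").strip():
        overlay[API_KEY_VAR] = env[API_KEY_VAR].strip()
        return "api-key", overlay
    if env.get(OAUTH_VAR, "").strip():
        overlay[OAUTH_VAR] = env[OAUTH_VAR].strip()
        return "oauth-token", overlay
    if auth_file and os.path.isfile(auth_file) and os.path.getsize(auth_file) > 0:
        return "auth-file", overlay  # credential stays on disk, not in env
    if env.get(VERTEX_VARS[0]) == "1" and all(env.get(v) for v in VERTEX_VARS[1:]):
        overlay.update({v: env[v] for v in VERTEX_VARS})
        return "vertex-ai", overlay
    raise RuntimeError("no usable Claude credentials found")  # fail closed


def describe(method, overlay):
    """Log line that names the method without exposing secret values."""
    shown = {k: redact(v) for k, v in overlay.items() if v is not None}
    return f"auth={method} set={shown}"


if __name__ == "__main__":
    # Constructed sample environment: both an API key and a Vertex setup present.
    sample = {API_KEY_VAR: "sk-constructed-example-0000", "CLAUDE_CODE_USE_VERTEX": "1",
              "ANTHROPIC_VERTEX_PROJECT_ID": "demo-project", "CLOUD_ML_REGION": "us-east5"}
    print(describe(*resolve_auth(sample, auth_file=None)))
```
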
@ptone ptone closed this May 31, 2026
ptone (Owner) commented May 31, 2026

This pull request has been recreated on the target repository as GoogleCloudPlatform#279.
