From 7fc0c9c0b132e16e008af017f77eaa79ff43fee6 Mon Sep 17 00:00:00 2001
From: h
Date: Thu, 21 May 2026 12:39:53 +0200
Subject: [PATCH] fix: claude shouldn't reset creds after rebuild now
---
 Dockerfile | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index da89a78..89fb718 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -42,11 +42,20 @@ COPY --from=oven/bun:1-slim /usr/local/bin/bun /usr/local/bin/bun
 RUN ln -s /usr/local/bin/bun /usr/local/bin/bunx
 # `--trust` is required: without it bun skips the postinstall step that
-# fetches claude's native binary (anthropics/claude-code#50203).
+# fetches claude's native binary (anthropics/claude-code#50203). The
+# postinstall itself is bun's smoke check — if it fails the layer
+# fails. We deliberately DO NOT run `claude --version` here: claude
+# touches `$HOME` on every invocation (creates `/root/.claude/`,
+# `/root/.claude.json`, sometimes `/root/.config/claude/`), and those
+# build-time artifacts seed the runtime named-volume `claude-home`
+# with stale "haven't onboarded" state, so the user gets re-prompted
+# for trust/bypass dialogs on every rebuild and the subscription auth
+# can land on a tainted credential file.
 ENV BUN_INSTALL=/usr/local/bun-global \
 PATH=/usr/local/bun-global/bin:/app/.venv/bin:$PATH
 RUN bun install -g --trust @anthropic-ai/claude-code \
- && claude --version
+ && test -x "$(command -v claude)" \
+ && rm -rf /root/.claude /root/.claude.json /root/.config/claude
 COPY --from=builder /app/.venv /app/.venv
 COPY --from=builder /app /app
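Review bot: The rewritten `RUN` installs `@anthropic-ai/claude-code` with no version while passing `--trust`, so whichever release is current at build time gets its postinstall script run during the build, and with `claude --version` removed the build log no longer records which version ended up in the image. Pin the package so a version change is a reviewed diff, for example `ARG CLAUDE_CODE_VERSION=<pinned-version>` followed by `RUN bun install -g --trust "@anthropic-ai/claude-code@${CLAUDE_CODE_VERSION}" \`. The replacement check `test -x "$(command -v claude)"` only shows that an executable named `claude` is on `PATH`; it does not show that the native binary was fetched, which the new comment assumes bun enforces by failing the layer, and that assumption is worth confirming once. The `rm -rf` targets are hard-coded to `/root` although the comment speaks of `$HOME`; writing them as `"$HOME/.claude" "$HOME/.claude.json" "$HOME/.config/claude"` keeps the cleanup correct if the build user ever changes.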