makerprism · makerprism-bot · Mar 3, 2026 · Mar 3, 2026
diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml
@@ -31,6 +31,10 @@ jobs:
             context: images/backend-builder-base
             file: images/backend-builder-base/Dockerfile
             version_file: images/backend-builder-base/VERSION
+          - image_name: coding-agent-base
+            context: images/coding-agent-base
+            file: images/coding-agent-base/Dockerfile
+            version_file: images/coding-agent-base/VERSION
 
     permissions:
       contents: read

diff --git a/images/coding-agent-base/Dockerfile b/images/coding-agent-base/Dockerfile
@@ -0,0 +1,46 @@
+# coding-agent-base
+# Base image for AI coding agents (Claude Code, OpenCode, Codex, etc.)
+#
+# Purpose: Provide a consistent, isolated environment for coding agents
+# that can be used to work on repositories safely.
+#
+# Security features:
+# - No host filesystem access (use volume mounts)
+# - Minimal attack surface (Alpine-based)
+# - No privileged operations
+# - Network access configurable at runtime
+
+ARG NODE_VERSION=20.20.0
+ARG ALPINE_VERSION=3.22
+FROM node:${NODE_VERSION}-alpine${ALPINE_VERSION}
+
+# Install core tools
+RUN apk add --no-cache \
+        bash \
+        build-base \
+        ca-certificates \
+        curl \
+        git \
+        jq \
+        openssh-client \
+        pkgconf \
+        tar \
+        unzip \
+        xz \
+        zstd \
+    && rm -rf /var/cache/apk/*
+
+# Install GitHub CLI
+RUN apk add --no-cache github-cli
+
+# Create non-root user for safety
+RUN addgroup -S agent && adduser -S agent -G agent
+
+# Set up workspace
+WORKDIR /workspace
+
+# Agent runs as non-root by default
+USER agent
+
+# Default to bash for interactive use
+CMD ["/bin/bash"]
diff --git a/images/coding-agent-base/README.md b/images/coding-agent-base/README.md
@@ -0,0 +1,76 @@
+# coding-agent-base
+
+Base image for AI coding agents (Claude Code, OpenCode, Codex, etc.)
+
+## Purpose
+
+Provide a consistent, isolated environment for coding agents that can work on repositories safely.
+
+## Includes
+
+- Alpine Linux 3.22
+- Node.js 20.20.0
+- Git
+- GitHub CLI (`gh`)
+- Build toolchain (`build-base`)
+- SSH client (for git over SSH)
+- Common utilities (`curl`, `jq`, `tar`, etc.)
+
+## Security Features
+
+- Non-root user (`agent`) by default
+- No host filesystem access (use volume mounts)
+- Minimal attack surface (Alpine-based)
+- No privileged operations
+
+## Usage
+
+### Basic run with volume mount
+
+```bash
+docker run -it --rm \
+  -v /path/to/repo:/workspace \
+  -e ANTHROPIC_API_KEY=your-key \
+  ghcr.io/makerprism/coding-agent-base:1.0.0 \
+  /bin/bash
+```
+
+### With OpenCode
+
+```bash
+docker run -it --rm \
+  -v /path/to/repo:/workspace \
+  -e ANTHROPIC_API_KEY=your-key \
+  ghcr.io/makerprism/coding-agent-base:1.0.0 \
+  npx opencode-ai
+```
+
+### With Claude Code
+
+```bash
+docker run -it --rm \
+  -v /path/to/repo:/workspace \
+  -e ANTHROPIC_API_KEY=your-key \
+  ghcr.io/makerprism/coding-agent-base:1.0.0 \
+  npx @zed-industries/claude-agent-acp
+```
+
+## Customizing
+
+For project-specific needs, extend this image:
+
+```dockerfile
+FROM ghcr.io/makerprism/coding-agent-base:1.0.0
+
+# Add OCaml toolchain
+USER root
+RUN apk add --no-cache ocaml opam
+USER agent
+
+# Install additional npm tools
+RUN npm install -g some-tool
+```
+
+## Versioning
+
+See [VERSION](./VERSION) file. Follows semantic versioning.
diff --git a/images/coding-agent-base/VERSION b/images/coding-agent-base/VERSION
@@ -0,0 +1 @@
+1.0.0