# opencode-devbox Portable AI developer environment in a Docker container. Run [opencode](https://opencode.ai) on any Docker-capable machine with configurable LLM providers, dev tools, and host filesystem access. ## Why? The official `ghcr.io/anomalyco/opencode` image (now archived) was Alpine-based and minimal — no git, no dev tools, broken PTY support due to musl/glibc incompatibility. This project provides a **Debian-based, production-ready** alternative using the current v1.x release. ## Quick Start ```bash # Clone git clone ssh://gitea.jordbo.se:2222/joakimp/opencode-devbox.git cd opencode-devbox # Configure cp .env.example .env # Edit .env with your provider, API key, workspace path, git config # Build and run docker compose run --rm devbox ``` ## Features - **Debian bookworm** base — glibc, full PTY/terminal support - **Configurable providers** — Anthropic, OpenAI, AWS Bedrock via env vars - **Host filesystem access** — bind mount any directory as `/workspace` - **SSH key forwarding** — git push/pull to private repos - **MCP server support** — Node.js included for `npx`-based MCP servers - **Non-root user** — runs as `developer` (UID 1000) with sudo - **Optional runtimes** — Python, Go via build args (Node.js always included — required for opencode v1.x) - **AWS CLI v2** — built-in SSO/Bedrock authentication with headless device-code flow - **Multi-arch** — amd64 and arm64 ## Configuration ### Environment Variables | Variable | Description | Default | |---|---|---| | `OPENCODE_PROVIDER` | LLM provider (`anthropic`, `openai`, `amazon-bedrock`) | `anthropic` | | `OPENCODE_MODEL` | Model override | Provider default | | `ANTHROPIC_API_KEY` | Anthropic API key | — | | `OPENAI_API_KEY` | OpenAI API key | — | | `AWS_REGION` | AWS region for Bedrock | `us-east-1` | | `GIT_USER_NAME` | Git commit author name | — | | `GIT_USER_EMAIL` | Git commit author email | — | | `WORKSPACE_PATH` | Host path to mount | `.` | | `SSH_KEY_PATH` | Host SSH key directory | `~/.ssh` | ### Custom opencode config Mount your own `opencode.json` for full control (MCP servers, custom models, etc.): ```yaml volumes: - ./my-opencode.json:/home/developer/.config/opencode/opencode.json:ro ``` ### Build Args Enable optional language runtimes: ```bash docker compose build --build-arg INSTALL_PYTHON=true --build-arg INSTALL_GO=true ``` | Arg | Default | Description | |---|---|---| | `INSTALL_PYTHON` | `false` | Python 3 + pip + venv | | `INSTALL_GO` | `false` | Go toolchain | ## AWS Bedrock Authentication When using AWS Bedrock as your LLM provider, you need to authenticate via AWS SSO from inside the container. Since the container runs headless (no browser), use the device-code flow: ```bash # Start the container interactively docker compose run --rm devbox bash # Authenticate — prints a URL and code you open in your local browser aws sso login --sso-session --use-device-code # Once approved in the browser, start opencode opencode ``` The `--use-device-code` flag outputs a URL and short code instead of trying to open a browser. Copy the URL into any browser (on your laptop, phone, etc.), enter the code, and complete the 2FA flow. The CLI in the container picks up the session automatically. SSO sessions typically last 8–12 hours before requiring re-authentication. ## Architecture ``` Host Machine ├── ~/projects/my-app ──bind mount──▶ /workspace (container) ├── ~/.ssh ──bind mount──▶ /home/developer/.ssh (ro) └── .env ──env vars───▶ provider config + API keys Container (Debian bookworm) ├── opencode binary ├── AWS CLI v2 (SSO + Bedrock auth) ├── git, ssh, ripgrep, fd, jq, curl, fzf ├── Node.js (for MCP servers) ├── entrypoint.sh (SSH perms, git config, provider setup) └── /workspace ← your code lives here ``` ## License MIT