Produce a hardened Docker image variant for Harper (in addition to the standard image), with a minimal base (distroless or equivalent) — eliminating shell, package manager, and other tooling commonly used in container exploits.
Background
Discussed in the internal Slack thread. Tradeoff is that a hardened image removes features Harper currently uses at runtime (or operators use for debugging), so it requires careful evaluation and may need code changes to keep working without them.
Asks
- Audit which Linux userspace tools Harper currently invokes at runtime (subprocess calls, package downloads, etc.) and decide which can be removed vs. replaced.
- Produce a hardened image (e.g.
harperfast/harper:X.Y.Z-hardened) in the standard release pipeline alongside the existing image.
- Document the tradeoffs: what's removed, what operators can/can't do inside the container, debug workflow with no shell.
Acceptance criteria
- Hardened image is published as a release artifact.
- All integration tests pass against the hardened image.
- Documented in the docker/install guide.
Notes
- GPU image (CUDA) is a separate concern (see CORE-3077) — likely can't be hardened in the same way.
- The existing Dockerfile is in
Dockerfile at the repo root.
Tracked in Jira: CORE-3023
🤖 Filed by Claude on behalf of Kris.
Produce a hardened Docker image variant for Harper (in addition to the standard image), with a minimal base (distroless or equivalent) — eliminating shell, package manager, and other tooling commonly used in container exploits.
Background
Discussed in the internal Slack thread. Tradeoff is that a hardened image removes features Harper currently uses at runtime (or operators use for debugging), so it requires careful evaluation and may need code changes to keep working without them.
Asks
harperfast/harper:X.Y.Z-hardened) in the standard release pipeline alongside the existing image.Acceptance criteria
Notes
Dockerfileat the repo root.Tracked in Jira: CORE-3023
🤖 Filed by Claude on behalf of Kris.