docs(docker): warn that mounting host ~/.claude leaks a billable token; note scoped-credential direction #107

Merged
OGtwelve merged 1 commit into main from docs/docker-no-host-claude-mount-100
Jun 30, 2026

@OGtwelve OGtwelve commented Jun 30, 2026

Contributor

Summary

Addresses the documentation/safety half of #100. docs/docker.md currently presents bind-mounting a human operator's ~/.claude as the standard auth method, with no warning that this shares a billable OAuth bearer token into the container (the agent runs as — and bills — that person, and the token can't be scoped or rotated per consumer).

Changes

  • docs/docker.md — adds a prominent warning at the Quick Start and the Claude Credentials section, and a new Authentication direction subsection documenting the target: authenticate unattended/multi-consumer deployments through a central Claude proxy with a scoped, rotatable per-consumer credential — never a human's subscription token. The bind-mount is reframed as a local-only stopgap.

Note

Removing the bind-mount outright (and wiring the scoped-credential auth) requires the proxy auth path to exist, so this PR covers the docs/safety portion only.

Refs #100

Summary by CodeRabbit

  • Documentation
    • Expanded Docker setup guidance with clearer security warnings about mounting local credentials.
    • Added stronger notes for shared, unattended, and multi-tenant environments to help avoid exposing billable tokens.
    • Clarified the recommended authentication approach for broader deployments and emphasized that the sample bind-mount is intended for local use only.
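
An added example, not part of this PR or the project's code: a lint that flags compose volume entries and `docker run` mounts whose host side is, or contains, the operator's `~/.claude`. The sample input, the home directory `/home/alice` and the container-side paths are constructed assumptions.

```python
import posixpath
import re

# Short syntax: compose list items "- src:dst[:mode]" and docker run -v/--volume.
SHORT = re.compile(
    r"""(?:^\s*-\s+|(?:-v|--volume)[ =])["']?([^\s"':]+):([^\s"':]+)(?::([\w,]+))?""")
# Long syntax: --mount type=bind,source=...,target=...
LONG = re.compile(r"--mount[ =]\S*?(?:source|src)=([^,\s]+)")

# Constructed input: a compose fragment followed by two docker run commands.
SAMPLE = """\
services:
  agent:
    volumes:
      - ~/.claude:/home/agent/.claude
      - ${HOME}/.claude:/root/.claude:ro
      - ./workspace:/workspace
      - ${HOME}:/host-home:ro
docker run -v $HOME/.claude:/root/.claude example/agent
docker run --mount type=bind,source=/home/alice/.claude,target=/root/.claude,readonly example/agent
"""


def exposes_claude_dir(src, home):
    """True if the host path is ~/.claude, lies inside it, or is a parent of it."""
    path = re.sub(r"^(~|\$HOME|\$\{HOME\})(?=/|$)", lambda _: home, src)
    path = posixpath.normpath(path)
    if not path.startswith("/"):
        return False  # named volume or project-relative path
    target = posixpath.join(home, ".claude")
    inside = path == target or path.startswith(target + "/")
    parent = path == "/" or target.startswith(path + "/")
    return inside or parent


def find_claude_mounts(text, home):
    """Return (line_no, host_source, read_only) per mount that exposes ~/.claude."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in SHORT.finditer(line):
            if exposes_claude_dir(m.group(1), home):
                hits.append((no, m.group(1), "ro" in (m.group(3) or "").split(",")))
        for m in LONG.finditer(line):
            if exposes_claude_dir(m.group(1), home):
                hits.append((no, m.group(1), "readonly" in line))
    return hits


if __name__ == "__main__":
    print(*find_claude_mounts(SAMPLE, "/home/alice"), sep="\n")
```

Read-only mounts are reported as well, since the container can still read the token, and a mount of the whole home directory is flagged because it contains `~/.claude`.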

…n; note scoped-credential direction

Surfaces the credential-leak risk of bind-mounting a human operator's ~/.claude into the agent container (the agent runs as and bills that person; the token can't be scoped or rotated per consumer) and documents the target: authenticate unattended deployments through a central Claude proxy with a scoped, rotatable per-consumer credential. The bind-mount is now framed as a local-only stopgap.

Removing the mount outright awaits the proxy auth path being wired up.

Refs #100

coderabbitai Bot commented Jun 30, 2026

Important

Review skipped

No new commits to review since the last review.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: 1121b80f-4eba-478a-92bc-36f353b1c72b

Walkthrough

docs/docker.md receives expanded security guidance in three places: a new warning in the Quick Start section, a rewritten Claude Credentials subsection, and an expanded Security Note/Authentication Direction block — all emphasizing OAuth token leakage risks from ~/.claude bind-mounts and directing unattended/multi-consumer deployments toward a central Claude proxy with scoped, rotatable credentials.

Changes

Docker Credentials Security Documentation

| Layer / File(s) | Summary |
| --- | --- |
| OAuth token risk warnings and proxy credential guidance (docs/docker.md) | Adds [!WARNING] blocks in the Quick Start, Claude Credentials, and Security Note/Authentication Direction sections. Warns that mounting ~/.claude exposes a human's subscription OAuth token on shared/unattended hosts, restricts the bind-mount to local single-operator use, and describes authenticating unattended deployments via a central Claude proxy with per-consumer scoped and rotatable credentials. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related issues

  • developerz-ai/venom.is#30: Directly addresses the same ~/.claude bind-mount pattern and the push toward scoped, rotatable proxy credentials — the documentation changes in this PR reflect exactly that concern.
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly matches the doc update: it warns about host ~/.claude token leakage and points to scoped credentials. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

@OGtwelve

Contributor Author

@coderabbitai review


coderabbitai Bot commented Jun 30, 2026

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@OGtwelve OGtwelve merged commit d6b4a1c into main Jun 30, 2026
8 checks passed
@OGtwelve OGtwelve deleted the docs/docker-no-host-claude-mount-100 branch June 30, 2026 04:36