Claude Code

Claude Code on Cordium combines terminal-native AI-assisted development with isolated, identity-aware execution environments. Instead of giving the agent direct access to long-lived infrastructure credentials, Cordium integrates with Octelium to provide policy-controlled, secretless access to authorized Services such as Kubernetes clusters, databases, internal APIs, SSH servers, etc... allowing Claude Code to interact with real infrastructure securely without embedding sensitive tokens, passwords, private keys, or kubeconfigs inside the Workspace. All Workspace activity and infrastructure access are emitted via OpenTelemetry-native identity-based application-layer-aware visibility in real-time. Here is an example:

spec:
  image:
    registry:
      url: ubuntu:24.04

  repository:
    url: https://github.com/example/backend

  vars:
    - name: PROMPT
      value: |
        Analyze security-report.txt.
        Fix high-confidence vulnerabilities.
        Re-run the security scan.
        Run all tests against Octelium PostgreSQL database Services
        in the "test" Octelium namespace.
        Summarize the remediations performed.

  runtime:
    autoStop: true
    envVars:
      - key: ANTHROPIC_API_KEY
        fromSecret: anthropic-api-key

    tasks:
      - name: install-tools
        type: ON_CREATE
        run: |
          apt-get update

          apt-get install -y \
            git \
            curl \
            nodejs \
            npm \
            golang-go

          npm install -g @anthropic-ai/claude-code

          go install github.com/securego/gosec/v2/cmd/gosec@latest

      - name: security-scan
        type: POST_START
        run: |
          ~/go/bin/gosec ./... > security-report.txt
        onFailure: ON_FAILURE_CONTINUE

      - name: remediation
        type: POST_START
        run: |
          claude --print "${{ vars.PROMPT }}"

  limit:
    cpu:
      millicores: 4000
    memory:
      megabytes: 8192
    storage:
      megabytes: 30000