Feat | Remove docker dependency

CLAUDE.md

@@ -0,0 +1,237 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Development Commands
+
+### Setup
+- `poetry install --with=dev --with=main` - Install all dependencies including dev tools
+- `poetry shell` - Activate virtual environment for development
+
+### Testing
+- `poetry run pytest` - Run unit tests
+- `poetry run pytest --verbose --cov=./ --cov-report=xml` - Run unit tests with coverage
+- `make test-unit` - Run unit tests in Docker (with coverage)
+- `make test-unit-no-cov` - Run unit tests in Docker (no coverage)
+- `make test-int` - Run integration tests using bats in Docker
+- `make tests` - Run full test suite (unit + integration)
+
+### Code Quality
+- `poetry run black .` - Format code with Black (line length: 120)
+- `poetry run pylint leverage/` - Run linting
+- `poetry run pre-commit install` - Install pre-commit hooks
+- `poetry run pre-commit run --all-files` - Run pre-commit checks manually
+
+### Build and Distribution
+- `make build` - Build distributables (cleans first)
+- `make check` - Check distributables with twine
+- `poetry build` - Build package using Poetry
+- `make clean` - Clean build artifacts
+
+### Docker
+- `make build-image` - Build Docker testing image
+- All test commands can run in Docker using the testing image
+
+## Architecture
+
+Leverage CLI is a Python-based command-line tool for managing Binbash Leverage projects. It uses host-based execution to run infrastructure tools directly on the system.
+
+### Core Structure
+- `leverage/leverage.py` - Main CLI entry point using Click framework
+- `leverage/modules/` - Command modules (aws, terraform, kubectl, etc.)
+- `leverage/modules/runner.py` - Generic binary runner base class
+- `leverage/modules/tfrunner.py` - Terraform/OpenTofu-specific runner
+- `leverage/conf.py` - Configuration loading from build.env files
+- `leverage/tasks.py` - Task system for build scripts
+- `leverage/path.py` - Path utilities and git repository handling
+
+### Key Components
+- **Module System**: Commands are organized in modules under `leverage/modules/`
+- **Host-Based Execution**: Direct execution of system binaries (terraform, tofu, kubectl, etc.)
+- **Runner Architecture**: Generic Runner class with specialized subclasses (TFRunner)
+- **Configuration Management**: Hierarchical loading of build.env files
+- **Task System**: Decorator-based task definition system for build scripts
+- **AWS Integration**: Extensive AWS credential and service management via SSO/MFA
+
+### Command Structure
+The CLI follows this pattern:
+```
+leverage [global-options] <module> <subcommand> [args]
+```
+
+Key modules include:
+- `project` - Project initialization and management
+- `terraform`/`tf`/`tofu` - Terraform/OpenTofu operations
+- `aws` - AWS service interactions
+- `credentials` - Credential management
+- `kubectl`/`kc` - Kubernetes operations
+- `run` - Custom task execution
+- `shell` - Interactive shell access
+
+### Version Management
+- Supports Python 3.9-3.13
+- Version defined in `leverage/__init__.py`
+- Binary version validation on initialization (for TFRunner)
+
+### Configuration
+- Uses `build.env` files for project configuration
+- Hierarchical loading from project root to current directory
+- Environment-specific overrides supported
+
+## Execution Architecture
+
+The CLI executes infrastructure tools directly on the host system using the Runner architecture.
+
+### Core Runner Classes
+
+#### Runner (`leverage/modules/runner.py`)
+Generic command runner base class:
+- **Purpose**: Provides common execution functionality for all binary runners
+- **Binary Discovery**: Searches for binaries in PATH or accepts absolute paths
+- **Environment Management**: Merges instance-level and run-time environment variables
+- **Execution Modes**:
+  - `run()` - Interactive execution (returns exit code) or silent (returns exit code, stdout, stderr)
+  - `exec()` - Convenience method for non-interactive execution with output capture
+- **Working Directory**: Supports execution in any specified directory
+- **Validation**: Automatic binary existence validation on initialization
+
+#### TFRunner (`leverage/modules/tfrunner.py`)
+Terraform/OpenTofu-specific runner extending Runner:
+- **Binaries**: Uses system-installed `terraform` or `tofu` binaries
+- **Configuration**: Accepts `terraform=True` for Terraform, defaults to OpenTofu
+- **Binary Validation**: Validates binary type by checking `--version` output
+  - Ensures `tofu` binary is actually OpenTofu (not Terraform)
+  - Ensures `terraform` binary is actually Terraform (not OpenTofu)
+- **Error Messages**: Provides installation URLs when binaries are not found
+  - Terraform: https://developer.hashicorp.com/terraform/install
+  - OpenTofu: https://opentofu.org/docs/intro/install/
+- **Environment Variables**: Initialized with AWS credential file paths via `env_vars` parameter
+
+### Command Modules
+
+#### Terraform/OpenTofu Commands (`leverage/modules/tf.py`)
+
+**CLI Entry Points**:
+- `tofu` - Creates TFRunner with OpenTofu binary (`tofu`)
+- `terraform` - Creates TFRunner with Terraform binary (`terraform`)
+- Both set up credential environment variables for AWS config and credentials files
+
+**Command Decorators**:
+- `@pass_runner` - Injects TFRunner instance from Click context
+- `@pass_paths` - Injects PathsHandler instance for file/directory management
+
+**Supported Commands**:
+- `init` - Layer initialization with backend configuration injection
+- `plan` - Execution plan generation with auto-discovered tfvars
+- `apply` - Infrastructure changes with conditional tfvars injection
+- `destroy` - Infrastructure destruction
+- `output` - Output variable display
+- `version` - Binary version display
+- `format` - Code formatting (recursive by default)
+- `force-unlock` - State file lock removal
+- `validate` - Configuration validation
+- `validate-layout` - Leverage convention validation
+- `import` - Resource import
+- `refresh-credentials` - AWS credential refresh
+
+**Multi-Layer Support**:
+- `--layers` option for operating on multiple layers from account directory
+- Layer validation and backend key management via `invoke_for_all_commands()`
+- Automatic backend key generation based on layer path structure
+
+#### Kubectl Commands (`leverage/modules/kubectl.py`)
+
+Uses generic Runner class to execute `kubectl` binary:
+- **Binary**: System-installed `kubectl`
+- **Configuration**: Sets KUBECONFIG environment variable to project-specific path
+- **AWS Integration**: Configures kubectl contexts for EKS clusters
+- **Commands**:
+  - `configure` - Add EKS cluster from current layer to kubectl config
+  - `discover` - Scan for cluster metadata files and configure selected cluster
+- All other kubectl commands pass through to the binary
+
+#### TFAutomv Commands (`leverage/modules/tfautomv.py`)
+
+Uses generic Runner class to execute `tfautomv` binary:
+- **Binary**: System-installed `tfautomv`
+- **Configuration**: Passes terraform binary path via `--terraform-bin` flag
+- **Integration**: Uses same tfvars discovery as Terraform/OpenTofu commands
+
+### Authentication Management (`leverage/modules/auth.py`)
+
+#### SSO Authentication
+
+**Token Validation** (`check_sso_token()`):
+- Validates SSO token existence in cache directory (`~/.aws/sso/cache/<sso_role>`)
+- Checks token expiration against current time
+- Provides clear error messages for missing or expired tokens
+
+**Credential Refresh** (`refresh_layer_credentials()`):
+- Parses Terraform files to discover required AWS profiles
+- Uses boto3 SSO client to retrieve temporary credentials
+- Updates AWS config file with credential expiration timestamps
+- Writes temporary credentials to AWS credentials file
+- Implements 30-minute early renewal to avoid mid-operation expiration
+- Supports cross-account profile resolution
+
+**Profile Discovery** (`get_profiles()`):
+- Scans `config.tf`, `locals.tf`, `runtime.tf` for profile references
+- Extracts profile variables from Terraform configurations
+- Reads backend profile from `backend.tfvars`
+
+### Configuration Management
+
+#### Automatic tfvars Discovery (`tf_default_args()`):
+- Discovers all `*.tfvars` files in `common/` directory
+- Discovers all `*.tfvars` files in account-specific directory
+- Returns as `-var-file=<path>` arguments for Terraform/OpenTofu
+- Used automatically in plan, destroy, validate, and conditionally in apply
+
+#### Backend Configuration:
+- Backend config file path injected during `init` command
+- Automatic backend key generation in `invoke_for_all_commands()`
+- Backend key validation in `validate_layout()`
+- Support for legacy naming conventions (tf- vs terraform-, base- vs tools-)
+
+### Execution Flow
+
+#### Standard Command Execution
+1. User runs `leverage tofu|terraform <command> [args]`
+2. Click creates TFRunner instance with credential environment variables
+3. Command function decorated with `@pass_runner` and `@pass_paths`
+4. Authentication check via `check_sso_token(paths)`
+5. Credential refresh via `refresh_layer_credentials(paths)`
+6. TFRunner.run() executes binary with:
+   - Merged environment variables (instance + runtime)
+   - Specified working directory
+   - Auto-discovered tfvars (for applicable commands)
+   - User-provided arguments
+7. Exit code returned to CLI
+
+#### Multi-Layer Execution
+1. User runs command with `--layers layer1,layer2` from account directory
+2. `invoke_for_all_commands()` validates all layers
+3. Backend keys generated/validated for each layer
+4. Command executed sequentially for each layer with layer-specific working directory
+
+### System Requirements
+
+For full functionality, ensure the following binaries are installed and available in PATH:
+
+**Required**:
+- `terraform` or `tofu` - For Terraform/OpenTofu operations
+- `aws` - AWS CLI for SSO authentication (via boto3)
+- Python 3.9-3.13
+
+**Optional**:
+- `kubectl` - For Kubernetes operations
+- `tfautomv` - For TFAutomv operations
+
+### Benefits of Current Architecture
+
+- **Performance**: Direct binary execution without overhead
+- **Flexibility**: Use any installed tool version (including custom builds)
+- **IDE Integration**: Better debugging and tooling support
+- **Simplicity**: Standard environment variables and execution
+- **Plugin Compatibility**: Native Terraform/OpenTofu plugin caching
+- **Development Speed**: Faster iteration during development

leverage/__init__.py

@@ -5,12 +5,6 @@
 # pylint: disable=wrong-import-position
 
 __version__ = "0.0.0"
-__toolbox_version__ = "1.3.5-0.2.0"
-
-MINIMUM_VERSIONS = {
-    "TERRAFORM": "1.3.5",
-    "TOOLBOX": "0.2.4",
-}
 
 import sys
 from shutil import which