# Third-Party Licenses

HolyClaude includes third-party software distributed within the Docker image.
Each component retains its original license. HolyClaude's own source code is
licensed under MIT (see LICENSE).

## CloudCLI (@cloudcli-ai/cloudcli)

- License: AGPL-3.0-or-later
- Copyright: CloudCLI UI Contributors
- Homepage: https://cloudcli.ai
- npm: https://www.npmjs.com/package/@cloudcli-ai/cloudcli
- Version: 1.36.0, installed from HolyClaude's vendored source-release tarball

CloudCLI is installed as a standalone program via npm and runs as an
independent process managed by s6-overlay.

### Modification Notice

HolyClaude applies the following CloudCLI patches during the Docker build.
The exact commands are in the Dockerfile, and missing patch anchors fail the
build.

- Self-update guard: blocks CloudCLI's npm update path in both CLI and web API
  surfaces so HolyClaude's patched runtime is not replaced inside a running
  container.
- Codex permission-mode compatibility backport: adds HolyClaude's
  `HOLYCLAUDE_CODEX_CHAT_PERMISSION_MODE` runtime mapping for CloudCLI Codex
  chat, including `default`, `acceptEdits`, and `bypassPermissions` modes.
- Apprise notification bridge: sends CloudCLI Codex run completion and failure
  lifecycle events from CloudCLI's notification orchestrator through
  HolyClaude's existing `/usr/local/bin/notify.py` hook.
- Codex completion guard: keeps provider-normalized Codex `turn_complete`
  events aligned with the successful final completion payload.
- Build-time upstream checks: verify CloudCLI's WebSocket binary-frame handling
  provider model command flow, Codex final exit codes, Apprise call sites, and
  Codex provider completion fields are present in the compiled runtime.

The unmodified upstream package is available from the links above, and the
HolyClaude modifications are visible in the public Dockerfile.

### Bundled CloudCLI Plugins

HolyClaude builds and enables these CloudCLI plugins in the image:

- `project-stats`: https://github.com/cloudcli-ai/cloudcli-plugin-starter,
  pinned to commit `4895cd3fd33362471e739b786493aba048487bcc`.
- `web-terminal`: https://github.com/cloudcli-ai/cloudcli-plugin-terminal,
  pinned to commit `8aa41f614c216d961e7c0d9c3e67982c6b2d9da3`.

Each plugin remains under its upstream license. Inspect the plugin repositories
for their source and license files.

HolyClaude patches the pinned `web-terminal` plugin during the Docker build so
PTY output is decoded safely before it reaches xterm.js, the default terminal
font stack includes broader fallbacks, and WebGL rendering can be disabled per
browser with `localStorage['web-terminal-disable-webgl'] = 'true'`.

## s6-overlay

- License: ISC
- Source: https://github.com/just-containers/s6-overlay
- Version: 3.2.3.0

## OpenSSH

- License: BSD-style
- Source: https://www.openssh.com/
- Debian package: `openssh-client`, `openssh-server`

OpenSSH provides outbound SSH client support and the optional key-only `sshd`
service. HolyClaude keeps `sshd` disabled by default.

## Mosh

- License: GPL-3.0-or-later
- Source: https://mosh.org/
- Debian package: `mosh`

Mosh provides the optional roaming terminal path. HolyClaude gates
`mosh-server` behind `HOLYCLAUDE_MOSH_ENABLE=true`.

## Node.js

- License: MIT
- Source: https://github.com/nodejs/node
- Version: 26.4.0 base image

## Desloppify

- License: OSNL-0.2
- Copyright: Peter O'Malley
- Source: https://github.com/peteromallet/desloppify
- PyPI: https://pypi.org/project/desloppify/
- Version: 1.0, installed in both image variants

Desloppify is installed as a passive CLI. HolyClaude does not run scans,
create `.desloppify/`, or modify project files unless a user runs Desloppify.

## Pi Coding Agent (@earendil-works/pi-coding-agent)

- License: MIT
- Source: https://github.com/earendil-works/pi
- npm: https://www.npmjs.com/package/@earendil-works/pi-coding-agent
- Version: 0.80.3, installed in the full image only

For a complete list of installed packages and their licenses, inspect the
Docker image directly or refer to the Dockerfile.
