@kisnandor2

Notes from me:

  • written by @claude
  • tested by me
  • .aws folder mount might not be the best approach (probably making a copy is safer)
  • probably has bugs and limitations but I don't care as long as it works
  • highly customized for in house support but can be useful for other people as well

Summary

This PR adds comprehensive support for corporate/enterprise environments, AWS Bedrock, and Android development, making Maestro work seamlessly behind corporate proxies, VPNs, and with AWS authentication instead of direct Anthropic API access.

Key Features

  • AWS Bedrock Support - Use Claude via AWS Bedrock instead of direct Anthropic API
  • Corporate Proxy/VPN Support - Internal DNS routing for Zscaler, corporate VPNs, etc.
  • SSL Certificate Management - Automatic import of corporate CA certificates into containers (system trust store + Java keystore)
  • SSH Agent Forwarding - Secure git authentication without exposing private keys
  • Android Development Support - Java JDK 17, Gradle 8.13, and host Android SDK mounting
  • Git User Configuration - Configure git identity for commits inside containers
  • Daemon Auto-Start - TUI automatically starts the notification daemon
  • Configurable Notifications - Faster attention notifications with customizable thresholds
  • Linux Notifications Fix - Proper notify-send argument ordering

Changes

AWS Bedrock Integration

  • New aws and bedrock config sections in cmd/root.go
  • Automatic AWS SSO login flow via maestro auth in cmd/auth.go
  • Mount AWS credentials (~/.aws) into containers (read-write for SSO token refresh)
  • Set environment variables: AWS_PROFILE, AWS_REGION, CLAUDE_CODE_USE_BEDROCK=1, ANTHROPIC_MODEL
  • Skip credential check in TUI when Bedrock is enabled (pkg/tui/model.go)
  • AWS domains added to default firewall whitelist: sts.amazonaws.com, bedrock.amazonaws.com, bedrock-runtime.amazonaws.com, *.amazonaws.com, *.awsapps.com

Corporate Network Support

  • firewall.internal_dns - Route internal domains through corporate DNS server
  • firewall.internal_domains - List of internal domains to route
  • Internal DNS configuration written to /etc/internal-dns.txt and /etc/internal-domains.txt
  • Wildcard subdomain routing via dnsmasq in init-firewall.sh
  • Host SSL certificates automatically mounted for HTTPS inspection

SSL Certificate Management

  • ssl.certificates_path config option (default: ~/.maestro/certificates)
  • New CertificatesDir() function in pkg/paths/paths.go
  • Certificates automatically imported into:
    • System trust store via update-ca-certificates
    • Java keystore (/usr/local/jdk-17.0.2/lib/security/cacerts)
  • Keystore password randomized after import for security
  • Environment variables set: NODE_EXTRA_CA_CERTS, SSL_CERT_FILE, CURL_CA_BUNDLE, REQUESTS_CA_BUNDLE
  • Container startup script installs custom CA if mounted (docker/container-startup.sh)

SSH Agent Forwarding

  • ssh.enabled config option
  • Forwards SSH_AUTH_SOCK into containers at /ssh-agent
  • Private keys never leave the host machine
  • Warning displayed if SSH_AUTH_SOCK not set

Android Development Support

Docker Image Changes (docker/Dockerfile)

  • Java JDK 17 - OpenJDK 17.0.2 installed with proper architecture detection (amd64/arm64)
  • Gradle 8.13 - Latest Gradle for Android builds
  • Environment variables: JAVA_HOME, GRADLE_HOME added to PATH
  • ca-certificates package installed for SSL support
  • Sudoers updated for update-ca-certificates

SDK Mounting (cmd/new.go)

  • android.sdk_path config option (e.g., ~/Android/Sdk)
  • Mounts SDK read-only at /home/node/Android/Sdk
  • Sets ANDROID_HOME environment variable and updates PATH
  • Updates local.properties in workspace if present

Git Configuration

  • git.user_name and git.user_email config options in cmd/root.go
  • configureGitUser() function in cmd/new.go
  • Automatically runs git config --global in new containers

Daemon & Notifications

Auto-Start (cmd/daemon.go, cmd/root.go)

  • EnsureDaemonRunning() function starts daemon silently if not running
  • Called automatically when TUI launches
  • Daemon detaches from parent process

Configuration

  • daemon.check_interval - How often to check containers (default: 30m)
  • daemon.notifications.attention_threshold - Delay before notification (default: 5s)

Fixes (pkg/daemon/daemon.go)

  • Linux notify-send fix - --icon argument now placed before title/message
  • Container prefix support - Uses config.ContainerPrefix instead of hardcoded mcl-
  • getShortName() now a method using configured prefix
  • Platform-specific logging for notification backend

Container Defaults

  • containers.default_return_to_tui - Auto-check "Return to TUI" checkbox when creating containers (pkg/tui/model.go)

Automatic Bypass Permissions Accept (cmd/new.go)

  • Auto-input script now accepts the bypass permissions prompt automatically
  • Sends Down + Enter keys before sending task prompt

Configuration Example

# AWS Bedrock (alternative to Anthropic API)
aws:
  enabled: true
  profile: "your-aws-profile"
  region: "us-east-1"

bedrock:
  enabled: true
  model: "anthropic.claude-sonnet-4-20250514-v1:0"

# Corporate network / VPN
firewall:
  allowed_domains:
    - github.com
    - api.anthropic.com
  internal_dns: "10.0.0.1"
  internal_domains:
    - "internal.company.com"
    - "artifactory.company.com"

# SSL certificates for HTTPS inspection
ssl:
  certificates_path: "~/.maestro/certificates"

# Git identity for commits
git:
  user_name: "Your Name"
  user_email: "[email protected]"

# SSH agent forwarding (keys stay on host)
ssh:
  enabled: true

# Android SDK mounting
android:
  sdk_path: "~/Android/Sdk"

# Container defaults
containers:
  default_return_to_tui: true

# Faster notifications
daemon:
  check_interval: "10s"
  notifications:
    enabled: true
    attention_threshold: "5s"

Files Changed

File Lines Description
README.md +85 Documentation for all new config options
cmd/root.go +53 New config structs: AWS, Bedrock, SSH, SSL, Android, Git; defaults; daemon auto-start
cmd/new.go +283 Container startup with AWS/SSL/SSH/Android mounts; git config; SSL cert import; auto-accept bypass
cmd/auth.go +113 Bedrock auth flow; AWS SSO login; copyFile helper; SSL cert mounting
cmd/daemon.go +31 EnsureDaemonRunning() for auto-start
pkg/daemon/daemon.go +27/-23 Container prefix config; Linux notify-send fix; getShortName method
pkg/tui/model.go +7/-2 Skip cred check for Bedrock; default return-to-TUI checkbox
pkg/paths/paths.go +7 CertificatesDir() function
assets/init-firewall.sh +27 AWS domains; internal DNS routing
docker/init-firewall.sh +27 Mirror of assets firewall script
docker/Dockerfile +24/-1 Java JDK 17; Gradle 8.13; ca-certificates; sudoers
docker/container-startup.sh +7 Custom CA certificate installation

Total: +725 insertions, -39 deletions across 12 files

Testing

  • AWS Bedrock authentication and API calls
  • Corporate proxy (Zscaler) with internal DNS routing
  • SSL certificate import into Java keystore (Gradle builds)
  • SSH agent forwarding for git clone/push
  • Android SDK mounting and Gradle Android builds
  • Daemon auto-start from TUI
  • Linux desktop notifications (notify-send)
  • Notification threshold timing

Breaking Changes

None - all new features are opt-in via configuration.

Migration

Existing users can continue using Maestro without changes. To use new features, add the relevant configuration to ~/.maestro/config.yml.

For AWS Bedrock users:

  1. Add aws and bedrock config sections
  2. Run maestro auth to set up AWS SSO

For corporate/VPN users:

  1. Add firewall.internal_dns and firewall.internal_domains
  2. Place CA certificates in ~/.maestro/certificates/

For Android developers:

  1. Set android.sdk_path to your host SDK location
  2. Java 17 and Gradle 8.13 are now included in the container image

kisnandor2 and others added 6 commits December 8, 2025 10:33
Features:
- AWS Bedrock authentication and container support
- Mount host SSL certificates for corporate proxies (Zscaler)
- SSH agent forwarding for secure git authentication
- Internal DNS routing for corporate networks
- Configurable git user name/email for containers
- AWS wildcards (*.amazonaws.com, *.awsapps.com) in firewall

Config options added:
- aws.enabled, aws.profile, aws.region
- bedrock.enabled, bedrock.model
- ssh.enabled
- git.user_name, git.user_email
- firewall.internal_dns, firewall.internal_domains

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>
Document:
- AWS Bedrock setup
- SSH agent forwarding
- Git user configuration
- Internal DNS for corporate networks
- SSL certificate handling

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>
- Add ssl.certificates_path config option (default: ~/.maestro/certificates)
- Import .crt/.pem files into Java cacerts keystore on container startup
- Randomize keystore password after import for security
- Add CertificatesDir() helper in paths package
- Add Java JDK 17 and Gradle 8.13 to container Dockerfile

This fixes SSL handshake errors when using Gradle/Maven with corporate
proxies that use custom CA certificates (e.g., Zscaler, Avast).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>
Mount host Android SDK as read-only volume when configured, set up
ANDROID_HOME environment variable, and update local.properties if present.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
Add documentation for new config options:
- ssl.certificates_path: Custom CA certificates for corporate HTTPS inspection
- android.sdk_path: Mount Android SDK into containers for mobile development

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
- Auto-start daemon when TUI launches (EnsureDaemonRunning)
- Fix daemon to use configured container prefix instead of hardcoded "mcl-"
- Fix notify-send icon argument order for Linux notifications
- Fix daemon log messages to show correct notification method per OS
- Add containers.default_return_to_tui config option
- Update README with daemon and notification configuration

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
Contributor

@jwriteclub jwriteclub left a comment


Overall a really solid PR. Thank you!

I am inclined to accept it as is, but can you please answer the questions I put on a couple of the commits first @kisnandor2?


# SSL certificates for corporate HTTPS inspection
ssl:
certificates_path: "~/.maestro/certificates"
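Review bot: the README snippet gives the default path but not what belongs in it; every certificate placed under ssl.certificates_path becomes a trust anchor in the container's system store and Java keystore, so state that the directory should hold only the corporate root/intermediate CA certificates and nothing else.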
Contributor


I guess they're just public certificates. I wonder if there is any risk here that I haven't thought of?

Author


This is mostly due to the fact that these need to be part of the java cacerts (it's mainly for Java/Android builds).

We could simplify by importing from the already-mounted /etc/ssl/certs instead of requiring a separate ~/.maestro/certificates directory.

The current approach is:

  1. Conservative - avoid touching Java's default cacerts unnecessarily
  2. Avoiding duplicates - Java ships with ~100+ common CAs already
  3. Startup speed - importing hundreds of certs takes time

But for corporate proxies (Zscaler, etc.), their CA cert IS typically in /etc/ssl/certs on the host. So we could just import from there.

Simpler approach:

  # In container startup, import any certs from /etc/ssl/certs
  # that aren't already in Java's keystore
  for cert in /etc/ssl/certs/*.crt /etc/ssl/certs/*.pem; do
      [ -f "$cert" ] || continue   # skip the literal glob when nothing matches
      keytool -importcert -noprompt -trustcacerts \
          -alias "$(basename "$cert")" \
          -file "$cert" \
          -keystore "$JAVA_HOME/lib/security/cacerts" \
          -storepass changeit 2>/dev/null || true  # ignore duplicates
  done

This would:

  • Eliminate the need for ssl.certificates_path config
  • Automatically work with any corporate CA on the host
  • Be idempotent (duplicates just fail silently)
  • Add ~5-10 seconds to container startup to process all certs.
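The loop above imports whatever it finds and keys the keystore alias on the file basename. As an added illustration, not part of this PR or of Maestro, here is a Go filter (Maestro is written in Go) that vets a certificates directory before anything reaches keytool or update-ca-certificates: it rejects non-CA and out-of-date certificates, collapses the same CA found under two file names, and derives the alias from the SHA-256 fingerprint. SelectImportableCAs and NewTestCertPEM are hypothetical names, and the certificates are generated in-process as constructed sample input.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"encoding/pem"
	"math/big"
	"time"
)

// ImportableCA passed every check; Alias is a fingerprint prefix, collision-free where a basename is not.
type ImportableCA struct{ Alias, Subject string; PEM []byte }

// SelectImportableCAs keeps only what a container should trust as a root: parseable, inside its
// validity period, marked as a CA, and not already seen under another file name. Hypothetical helper.
func SelectImportableCAs(files map[string][]byte, now time.Time) (ok []ImportableCA, skipped []string) {
	seen := map[string]bool{}
	for name, data := range files {
		blk, _ := pem.Decode(data)
		if blk == nil || blk.Type != "CERTIFICATE" {
			skipped = append(skipped, name+": no CERTIFICATE block")
			continue
		}
		cert, err := x509.ParseCertificate(blk.Bytes)
		switch {
		case err != nil:
			skipped = append(skipped, name+": "+err.Error())
		case !cert.IsCA:
			skipped = append(skipped, name+": leaf certificate, must not become a trust anchor")
		case now.Before(cert.NotBefore) || now.After(cert.NotAfter):
			skipped = append(skipped, name+": outside validity period")
		default:
			sum := sha256.Sum256(cert.Raw) // hash of the DER, so one CA under two names dedups
			fp := hex.EncodeToString(sum[:])
			if !seen[fp] {
				seen[fp] = true
				ok = append(ok, ImportableCA{fp[:16], cert.Subject.String(), pem.EncodeToMemory(blk)})
			}
		}
	}
	return ok, skipped
}

// NewTestCertPEM builds a constructed self-signed certificate (sample input for
// the demo, not a real corporate CA) so the example runs offline.
func NewTestCertPEM(cn string, isCA bool, notBefore, notAfter time.Time) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // P-256 keygen does not fail in practice
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: notBefore, NotAfter: notAfter, IsCA: isCA, BasicConstraintsValid: true}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}
```

The returned PEM and Alias are what a startup script would pass to keytool -importcert; the skipped list is worth logging so an operator sees why a file was ignored.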

autoInputScript := fmt.Sprintf(`#!/bin/sh
# Wait for Claude to fully start
sleep 5
# Wait for Claude to start and show the bypass permissions prompt
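Review bot: the fixed `sleep 5` before the Down+Enter keystrokes is a timing assumption; on a slow host the prompt may not be up yet and the keys land elsewhere, so consider polling for the prompt (or at least a configurable delay) instead of a constant, and document in the README that Bedrock mode auto-accepts the bypass-permissions prompt, since that is a permission decision being made on the user's behalf.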
Contributor


Do we need to detect this? I will need to test with a .claude.json file to make sure this works in both environments (or we have to branch and have two versions based on whether using bedrock or not?)

Author


During maestro auth with the claude backend the prompt is accepted by the user. However, during maestro auth with the AWS backend the claude instance is not started at all, so the prompt can't be accepted by the user; thus the permission prompt is accepted in the container.

The current approach sends Down+Enter blindly. If the prompt doesn't appear (e.g., already accepted in .claude.json), it just sends those keys to Claude which is harmless. We could add detection, but the current approach works for both cases.

ENV PATH="${GOPATH}/bin:${PATH}"

# Install Java JDK 17 (for Android development)
RUN ARCH=$(dpkg --print-architecture) && \
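Review bot: the JDK version and its download URL are baked into this RUN line; move them into ARG values (overridable with --build-arg) and verify the downloaded archive against a pinned sha256 with `sha256sum -c` before extracting, so a version bump is a one-line change and an altered download fails the build instead of being installed.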
Contributor


How do we feel about versioning this? It's not necessarily ideal to have it fixed in a config file like this, but if you guys are using this regularly, and will commit to sending a PR from time to time when it needs changes, then I'm okay hardcoding it like this.

Author


I don't yet know if this is a good approach or not. I'm currently at the "hey, it's working on my end" point. Since this impacts the container, I'm not yet sure how to make this more dynamic.

@jwriteclub
Contributor

Also, I just cut a release, so while the merge looks clean, please just run through your use cases again with the latest main to make sure it'll still be a good merge.

AWS domain wildcards (*.amazonaws.com, *.awsapps.com) are now only added
to the firewall whitelist when aws.enabled or bedrock.enabled is true
in the config. This prevents unnecessarily broad network access for users
not using AWS services.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
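As an added example (not Maestro's code), the routing decision the commit above describes, in Go: AWS wildcards enter the allowlist only when aws.enabled or bedrock.enabled is set, internal domains go to the corporate resolver, and wildcard matching requires a real subdomain boundary so that a name merely ending in the same characters is not let through. Config, FirewallAllowlist, matchDomain and Route are assumed names; the struct shape does not claim to match cmd/root.go.

```go
package main

import "strings"

// Config mirrors the firewall-related option names from the PR description; the
// struct shape is hypothetical, Maestro's real structs live in cmd/root.go.
type Config struct {
	AWSEnabled, BedrockEnabled bool     // aws.enabled, bedrock.enabled
	AllowedDomains             []string // firewall.allowed_domains
	InternalDomains            []string // firewall.internal_domains
}

// FirewallAllowlist builds the egress allowlist. The AWS entries are added only
// when an AWS-backed mode is on, as the commit above does, so a plain Anthropic
// setup gets no *.amazonaws.com egress it never needed.
func FirewallAllowlist(c Config) []string {
	out := append([]string{}, c.AllowedDomains...)
	if c.AWSEnabled || c.BedrockEnabled {
		out = append(out, "sts.amazonaws.com", "bedrock.amazonaws.com",
			"bedrock-runtime.amazonaws.com", "*.amazonaws.com", "*.awsapps.com")
	}
	return out
}

// matchDomain is the wildcard rule: an exact name, or for "*.suffix" any name
// below suffix. The leading dot is required, so "notamazonaws.com" does not
// match "*.amazonaws.com" and the bare suffix does not match either.
func matchDomain(host, pattern string) bool {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	pattern = strings.ToLower(pattern)
	if strings.HasPrefix(pattern, "*.") {
		return strings.HasSuffix(host, pattern[1:]) // pattern[1:] keeps the dot
	}
	return host == pattern
}

// Route says what the container firewall does with a name: "internal" (resolve
// through firewall.internal_dns), "allow" (public allowlist) or "block".
// Internal domains cover the name itself and everything beneath it.
func Route(host string, c Config) string {
	for _, d := range c.InternalDomains {
		if matchDomain(host, d) || matchDomain(host, "*."+d) {
			return "internal"
		}
	}
	for _, d := range FirewallAllowlist(c) {
		if matchDomain(host, d) {
			return "allow"
		}
	}
	return "block"
}
```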
@kisnandor2
Author

kisnandor2 commented Jan 12, 2026

Hi @jwriteclub. Please see my updates and let's discuss if any other changes are needed.
While reading through this PR again, I thought that maybe separating the AWS and non-AWS setup into different sources/modules/objects created by factories would be practical (the AWS-specific code, however, is not big enough to justify this refactor).

kisnandor2 and others added 13 commits January 13, 2026 15:37
- Add batch command for managing multiple containers
- Add shell completion support for bash, zsh, fish, and powershell
- Add install-completion Makefile target for easy setup
- Show ⚠️ Waiting status in TUI when container needs attention

Co-Authored-By: Claude <[email protected]>
Mounts the host's known_hosts file (read-only) into containers when SSH
is enabled, eliminating the need to manually accept host keys for
internal git servers.

Co-Authored-By: Claude <[email protected]>
- Add CREATED column to TUI table showing container creation time
- Hide AUTH column when AWS/Bedrock auth is enabled
- Parallelize container info fetching for faster loading:
  - Fetch all container details concurrently per container
  - Fetch individual details (branch, bell, claude, auth, activity, git) in parallel
- Use consistent single-width Unicode symbols for status indicators

Co-Authored-By: Claude <[email protected]>
Enable GitHub CLI authentication with custom hostnames for GitHub
Enterprise instances. Bedrock auth flow now also offers GitHub CLI setup.

Co-Authored-By: Claude <[email protected]>
The LLM prompt now focuses on finding parallel-ready work units instead
of splitting every numbered item into separate tasks. Sequential steps
within phases are kept together, and concrete examples guide the model.

Co-Authored-By: Claude <[email protected]>
Allows users to specify an additional instruction that will be sent to Claude
in every container after the main task completes. Useful for common follow-up
actions like committing, pushing, and opening PRs against a target branch.

Co-Authored-By: Claude <[email protected]>
Map arm64 to aarch64 for OpenJDK download URL, fixing Docker build on
Apple Silicon Macs.

Co-Authored-By: Claude <[email protected]>
- Add live-updating progress display for batch mode copy operations
- Parallelize firewall verification tests (reduces worst-case from 25s to 8s)
- Add timeout to GitHub API curl in firewall init (prevents hangs)
- Add sync.compress config option to disable gzip for large projects
- Show copy stats (size, duration, speed) for single container mode

Co-Authored-By: Claude <[email protected]>
Items now appear dynamically only when they actually start copying,
rather than showing all containers as 'Waiting...' upfront.

Co-Authored-By: Claude <[email protected]>
Projects can now create a .maestroignore file to exclude files/directories
when copying to containers. Useful for large projects with build artifacts
(e.g., Android projects with 6GB+ build directories).

- Added readMaestroIgnore() to parse exclusion patterns from project root
- Updated copyProjectToContainer to use patterns from .maestroignore
- Updated README with documentation and examples

Co-Authored-By: Claude <[email protected]>
Add batch command, shell completion, and waiting status indicator
@kisnandor2
Author

kisnandor2 commented Jan 20, 2026

New Features

  • Batch command - Manage multiple containers with a single command, with LLM-powered task analysis that respects logical groupings
  • Shell completion - Support for bash, zsh, fish, and powershell with easy make install-completion setup
  • GitHub Enterprise support - Enable GitHub CLI authentication with custom hostnames for enterprise instances
  • --extra-command flag - Send follow-up instructions to Claude in every batch container after the main task completes
  • .maestroignore support - Project-level file exclusions when copying to containers (like .gitignore)

Performance Improvements

  • Copy progress display - Live progress bars with speed stats during batch container creation
  • sync.compress: false - Option to skip gzip for faster copying of large local projects

TUI Improvements

  • Add CREATED column showing container creation time
  • Hide AUTH column when AWS/Bedrock auth is enabled
  • Parallelize container info fetching for faster loading
  • Show Waiting status when container needs attention
  • Use consistent single-width Unicode symbols for status indicators

Developer Experience

  • Mount host's SSH known_hosts file (read-only) into containers to eliminate manual host key acceptance

🤖 Generated with Claude Code
