From 3dfcb40e313fcdd48e6cfce4e68f4c49f92a8cb7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christopher=20M=C3=BChl?= Date: Fri, 10 Apr 2026 08:30:13 +0000 Subject: [PATCH] docs: start milestone v2.0 Network Isolation & Profiles --- .planning/PROJECT.md | 40 ++++++++++++++++++++++++++++++++++++---- .planning/STATE.md | 28 +++++++++++++++------------- 2 files changed, 51 insertions(+), 17 deletions(-) diff --git a/.planning/PROJECT.md b/.planning/PROJECT.md index 4e01ac2..cefefde 100644 --- a/.planning/PROJECT.md +++ b/.planning/PROJECT.md @@ -27,14 +27,18 @@ Secrets never enter the Claude Code environment. If a secret is accessible insid ### Active -(No active requirements — start next milestone with `/gsd-new-milestone`) +- [ ] Host `~/.claude` auth files mounted read-only for subscription passthrough +- [ ] Per-project instance directories (`~/.claudebox/instances//.claude/`) — conversation history scoped per project +- [ ] Named profiles (`--profile foo` / `CLAUDEBOX_PROFILE=foo`) defining env vars, mounts, packages, network tier +- [ ] Profile storage at `~/.claudebox/profiles/` +- [ ] Nix devshell/package injection per profile +- [ ] Tiered network isolation: full, internet-only (unshare-net + slirp4netns), none (offline) ### Out of Scope -- Network isolation — trusting Claude Code's built-in proxy for domain allowlisting - NixOS module form — this is a wrapper script derivation, not a services/programs module -- Configurable per-project profiles — v1 is one tool set, profiles come later - Shareability — personal tool first, not designed for others yet +- Domain-level network allowlists — tiered isolation (full/internet-only/none) is sufficient for now ## Context 
@@ -62,5 +66,33 @@ Non-NixOS support added via conditional `/etc/static` mount. | Claude Code via nix-claude-code flake | ryoppippi/nix-claude-code, not host PATH | ✓ Good | | SANDBOX.md as separate file with @import | Keeps user CLAUDE.md clean, sandbox instructions always fresh | ✓ Good | +## Current Milestone: v2.0 Network Isolation & Profiles + +**Goal:** Add tiered network isolation, per-project instance isolation, named profiles, and host auth passthrough. + +**Target features:** +- Host auth passthrough (read-only mount of auth files from `~/.claude`) +- Per-project instance isolation (conversation history scoped per project automatically) +- Named profiles with env vars, mounts, packages, and network tier +- Nix devshell injection per profile +- Tiered network: full, internet-only (no LAN/Tailscale), none (offline) + +## Evolution + +This document evolves at phase transitions and milestone boundaries. + +**After each phase transition** (via `/gsd-transition`): +1. Requirements invalidated? → Move to Out of Scope with reason +2. Requirements validated? → Move to Validated with phase reference +3. New requirements emerged? → Add to Active +4. Decisions to log? → Add to Key Decisions +5. "What This Is" still accurate? → Update if drifted + +**After each milestone** (via `/gsd-complete-milestone`): +1. Full review of all sections +2. Core Value check — still the right priority? +3. Audit Out of Scope — reasons still valid? +4. Update Context with current state + --- -*Last updated: 2026-04-10 after v1.0 milestone* +*Last updated: 2026-04-10 after v2.0 milestone started* diff --git a/.planning/STATE.md b/.planning/STATE.md index 848fd73..9bdfca2 100644 --- a/.planning/STATE.md +++ b/.planning/STATE.md 
@@ -1,17 +1,17 @@ --- gsd_state_version: 1.0 -milestone: v1.0 -milestone_name: MVP -status: complete -stopped_at: Milestone v1.0 complete +milestone: v2.0 +milestone_name: Network Isolation & Profiles +status: active +stopped_at: null last_updated: "2026-04-10" -last_activity: 2026-04-10 - Completed v1.0 milestone +last_activity: 2026-04-10 - Milestone v2.0 started progress: - total_phases: 3 - completed_phases: 3 - total_plans: 5 - completed_plans: 5 - percent: 100 + total_phases: 0 + completed_phases: 0 + total_plans: 0 + completed_plans: 0 + percent: 0 --- # Project State @@ -21,12 +21,14 @@ progress: See: .planning/PROJECT.md (updated 2026-04-10) **Core value:** Secrets never enter the Claude Code environment -**Current focus:** Planning next milestone +**Current focus:** Defining requirements for v2.0 ## Current Position -Milestone: v1.0 MVP — SHIPPED 2026-04-10 -All 3 phases complete, 5 plans executed. +Phase: Not started (defining requirements) +Plan: — +Status: Defining requirements +Last activity: 2026-04-10 — Milestone v2.0 started ## Accumulated Context
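Review bot: in the first PROJECT.md hunk (`@@ -27,14 +27,18 @@`), the new Active requirement to mount host `~/.claude` auth files into the sandbox sits uneasily next to the core value quoted in that hunk's own context line (`Secrets never enter the Claude Code environment`): a read-only mount still makes the host's auth credentials readable, and therefore copyable, from inside the environment. Either record the auth passthrough as a deliberate exception under Key Decisions (what is mounted, why read-only is judged sufficient, what code running inside the sandbox could do with it) or narrow the requirement to the specific file(s) the subscription passthrough needs rather than the whole `~/.claude` directory. Separately, the instance path `~/.claudebox/instances//.claude/` has an empty segment between the double slashes; write the per-project placeholder out explicitly so the layout is unambiguous.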
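Review bot: in the second PROJECT.md hunk (`@@ -62,5 +66,33 @@`), the internet-only tier is described as "no LAN/Tailscale", but the Active entry added in the first hunk gives the mechanism only as `unshare-net + slirp4netns`, and nothing in the patch says which component enforces the LAN/Tailscale exclusion. slirp4netns relays outbound connections through the host's own network stack, so by itself it can reach whatever the host can reach; its `--disable-host-loopback` option only blocks the host loopback address. Either name the additional filtering this tier relies on in the Target features entry, or drop "no LAN/Tailscale" from it until that filtering is designed, so the requirement and the feature description agree.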
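Review bot: the STATE.md frontmatter hunk (`@@ -1,17 +1,17 @@`) mixes quoting styles for string fields: `last_updated` stays quoted (`"2026-04-10"`), while the new `last_activity: 2026-04-10 - Milestone v2.0 started` and `milestone_name: Network Isolation & Profiles` are plain scalars, the latter containing an `&`. Quote the two new values the same way as `last_updated` so every front-matter reader parses them as strings and the file keeps one convention.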
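Review bot: in the STATE.md Current Position hunk (`@@ -21,12 +21,14 @@`), `Last activity: 2026-04-10 — Milestone v2.0 started` repeats the frontmatter's `last_activity` value from the previous hunk verbatim, giving two copies that will drift at the next update. Keep the frontmatter field as the single source and drop the prose copy, or have the prose line point at it. The `Plan: —` placeholder would also read more consistently alongside `Phase: Not started` if it stated `Plan: none yet`.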