From 4baf5768106f7cf1b35212f18b43c49c17a62bdf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christopher=20M=C3=BChl?= <toki@toph.so>
Date: Mon, 13 Apr 2026 09:55:40 +0000
Subject: [PATCH] fix: add /bin/sh symlink to sandbox so hooks can exec sh

Claude Code hooks invoke /bin/sh which doesn't exist in the bwrap
sandbox. Symlink bash to /bin/sh alongside the existing /usr/bin/env
symlink so all hook-based tooling (GSD statusline, project hooks)
works correctly inside claudebox.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 claudebox.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/claudebox.sh b/claudebox.sh
index 46dab6d..861e1f4 100644
--- a/claudebox.sh
+++ b/claudebox.sh
@@ -361,6 +361,7 @@ if [[ "$DRY_RUN" == true ]]; then
     echo "  --ro-bind /etc/nsswitch.conf /etc/nsswitch.conf \\"
     echo "  --ro-bind /etc/nix /etc/nix \\"
     printf '  --symlink %q /usr/bin/env \\\n' "$(readlink -f "$(command -v env)")"
+    printf '  --symlink %q /bin/sh \\\n' "$(readlink -f "$(command -v bash)")"
     echo "  --tmpfs $HOME \\"
     echo "  --bind $HOME/.claude $HOME/.claude \\"
     echo "  --bind $INSTANCE_DIR $HOME/.claude/projects \\"
@@ -398,6 +399,7 @@ BWRAP_ARGS=(
   --ro-bind /etc/nsswitch.conf /etc/nsswitch.conf
   --ro-bind /etc/nix /etc/nix
   --symlink "$(readlink -f "$(command -v env)")" /usr/bin/env
+  --symlink "$(readlink -f "$(command -v bash)")" /bin/sh
   --tmpfs "$HOME"
   # Phase 5: direct ~/.claude bind (D-01) — all plugins/skills/hooks/MCP visible
   --bind "$HOME/.claude" "$HOME/.claude"