From 51dba047f343b1a17d5a99c7f01af131c9bd1a2d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christopher=20M=C3=BChl?= <toki@toph.so>
Date: Thu, 9 Apr 2026 11:11:44 +0200
Subject: [PATCH] feat(01-01): add claudebox.sh with bwrap sandbox, env
 allowlist, and secret hiding

---
 claudebox.sh | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 88 insertions(+)
 create mode 100644 claudebox.sh

diff --git a/claudebox.sh b/claudebox.sh
new file mode 100644
index 0000000..8f9fca2
--- /dev/null
+++ b/claudebox.sh
@@ -0,0 +1,88 @@
+# Resolve claude binary from host PATH (before clearenv strips it)
+CLAUDE_BIN=$(command -v claude) || {
+  echo "error: claude not found in PATH" >&2
+  echo "Install Claude Code first: https://docs.anthropic.com/en/docs/claude-code" >&2
+  exit 1
+}
+
+# Capture sandbox PATH (runtimeInputs-constructed)
+SANDBOX_PATH="$PATH"
+
+# Record CWD
+CWD=$(pwd)
+
+# Ensure ~/.claudebox exists
+mkdir -p "$HOME/.claudebox"
+
+# Generate minimal .gitconfig (D-05)
+GIT_NAME=$(git config --global user.name 2>/dev/null || echo "Claude User")
+GIT_EMAIL=$(git config --global user.email 2>/dev/null || echo "claude@localhost")
+
+GITCONFIG_TMP=$(mktemp)
+trap 'rm -f "$GITCONFIG_TMP"' EXIT
+
+cat > "$GITCONFIG_TMP" <<GITEOF
+[user]
+    name = $GIT_NAME
+    email = $GIT_EMAIL
+[safe]
+    directory = *
+GITEOF
+
+# Build environment --setenv args array (D-03, D-04, SAND-02, SAND-03)
+# Sandbox-generated vars -- set directly, never from host
+ENV_ARGS=(
+  --setenv HOME "$HOME"
+  --setenv USER "$USER"
+  --setenv PATH "$SANDBOX_PATH"
+  --setenv SHELL /bin/bash
+  --setenv TMPDIR /tmp
+  --setenv XDG_RUNTIME_DIR /tmp
+  --setenv NIX_SSL_CERT_FILE /etc/ssl/certs/ca-certificates.crt
+  --setenv SSL_CERT_FILE /etc/ssl/certs/ca-certificates.crt
+)
+
+# Allowlisted host vars -- only pass if set on host
+HOST_ALLOWLIST=(TERM EDITOR LANG LC_ALL ANTHROPIC_API_KEY)
+for var in "${HOST_ALLOWLIST[@]}"; do
+  if [[ -v "$var" ]]; then
+    ENV_ARGS+=(--setenv "$var" "${!var}")
+  fi
+done
+
+# CLAUDEBOX_EXTRA_ENV escape hatch (D-03, comma-separated)
+if [[ -v CLAUDEBOX_EXTRA_ENV ]]; then
+  IFS=',' read -ra EXTRAS <<< "$CLAUDEBOX_EXTRA_ENV"
+  for var in "${EXTRAS[@]}"; do
+    var="${var// /}"  # trim whitespace
+    if [[ -n "$var" ]] && [[ -v "$var" ]]; then
+      ENV_ARGS+=(--setenv "$var" "${!var}")
+    fi
+  done
+fi
+
+# exec bwrap (SAND-04 through SAND-15, UX-06, D-01)
+exec bwrap \
+  --clearenv \
+  "${ENV_ARGS[@]}" \
+  --tmpfs / \
+  --proc /proc \
+  --dev /dev \
+  --tmpfs /tmp \
+  --ro-bind /nix/store /nix/store \
+  --bind /nix/var/nix /nix/var/nix \
+  --ro-bind /etc/resolv.conf /etc/resolv.conf \
+  --ro-bind /etc/ssl /etc/ssl \
+  --ro-bind /etc/static /etc/static \
+  --ro-bind /etc/passwd /etc/passwd \
+  --ro-bind /etc/group /etc/group \
+  --ro-bind /etc/hosts /etc/hosts \
+  --ro-bind /etc/nsswitch.conf /etc/nsswitch.conf \
+  --ro-bind /etc/nix /etc/nix \
+  --symlink "$(command -v env)" /usr/bin/env \
+  --tmpfs "$HOME" \
+  --bind "$HOME/.claudebox" "$HOME/.claude" \
+  --ro-bind "$GITCONFIG_TMP" "$HOME/.gitconfig" \
+  --bind "$CWD" "$CWD" \
+  --chdir "$CWD" \
+  -- "$CLAUDE_BIN" --dangerously-skip-permissions "$@"