fix: SHELL path, PATH isolation, --shell flag, nix-claude-code input

- Resolve SHELL to nix store bash path (was /bin/bash which doesn't exist in sandbox)
- Inject clean SANDBOX_PATH via makeBinPath (was leaking entire host PATH)
- Add --shell flag to drop into sandboxed bash for manual verification
- Use nix-claude-code flake for claude-code binary instead of host PATH discovery

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

claudebox.sh

@@ -1,12 +1,17 @@
-# Resolve claude binary from host PATH (before clearenv strips it)
+# Parse claudebox flags
-CLAUDE_BIN=$(readlink -f "$(command -v claude)") || {
+SHELL_MODE=false
-  echo "error: claude not found in PATH" >&2
+for arg in "$@"; do
-  echo "Install Claude Code first: https://docs.anthropic.com/en/docs/claude-code" >&2
+  case "$arg" in
-  exit 1
+    --shell) SHELL_MODE=true; shift; break ;;
-}
+    --) shift; break ;;
+    *) break ;;
+  esac
+done
 
-# Capture sandbox PATH (runtimeInputs-constructed)
+# SANDBOX_PATH is injected by flake.nix via makeBinPath (only runtimeInputs, no host PATH)
-SANDBOX_PATH="$PATH"
+# Resolve binary paths from runtimeInputs
+SANDBOX_BASH="$(command -v bash)"
+CLAUDE_BIN="$(command -v claude)"
 
 # Record CWD
 CWD=$(pwd)
@@ -35,7 +40,7 @@ ENV_ARGS=(
   --setenv HOME "$HOME"
   --setenv USER "$USER"
   --setenv PATH "$SANDBOX_PATH"
-  --setenv SHELL /bin/bash
+  --setenv SHELL "$SANDBOX_BASH"
   --setenv TMPDIR /tmp
   --setenv XDG_RUNTIME_DIR /tmp
   --setenv NIX_SSL_CERT_FILE /etc/ssl/certs/ca-certificates.crt
@@ -61,6 +66,13 @@ if [[ -v CLAUDEBOX_EXTRA_ENV ]]; then
   done
 fi
 
+# Build sandbox command
+if [[ "$SHELL_MODE" == true ]]; then
+  SANDBOX_CMD=("$SANDBOX_BASH" "$@")
+else
+  SANDBOX_CMD=("$CLAUDE_BIN" --dangerously-skip-permissions "$@")
+fi
+
 # exec bwrap (SAND-04 through SAND-15, UX-06, D-01)
 exec bwrap \
   --clearenv \
@@ -85,4 +97,4 @@ exec bwrap \
   --ro-bind "$GITCONFIG_TMP" "$HOME/.gitconfig" \
   --bind "$CWD" "$CWD" \
   --chdir "$CWD" \
-  -- "$CLAUDE_BIN" --dangerously-skip-permissions "$@"
+  -- "${SANDBOX_CMD[@]}"

flake.lock

@@ -1,5 +1,25 @@
 {
   "nodes": {
+    "nix-claude-code": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1775702549,
+        "narHash": "sha256-33oPZsvyI41U8ygJbzgb6+GkyAaKEyVUQ3VcFNckeJY=",
+        "owner": "ryoppippi",
+        "repo": "nix-claude-code",
+        "rev": "729a851a87d66cebc50953e9509602e28ecb9520",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryoppippi",
+        "repo": "nix-claude-code",
+        "type": "github"
+      }
+    },
     "nix-index-database": {
       "inputs": {
         "nixpkgs": [
@@ -38,6 +58,7 @@
     },
     "root": {
       "inputs": {
+        "nix-claude-code": "nix-claude-code",
         "nix-index-database": "nix-index-database",
         "nixpkgs": "nixpkgs"
       }

flake.nix

@@ -3,22 +3,23 @@
 
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    nix-claude-code = {
+      url = "github:ryoppippi/nix-claude-code";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
     nix-index-database = {
       url = "github:nix-community/nix-index-database";
       inputs.nixpkgs.follows = "nixpkgs";
     };
   };
 
-  outputs = { self, nixpkgs, nix-index-database, ... }:
+  outputs = { self, nixpkgs, nix-claude-code, nix-index-database, ... }:
     let
       system = "x86_64-linux";
       pkgs = nixpkgs.legacyPackages.${system};
+      claude-code = nix-claude-code.packages.${system}.default;
       comma-with-db = nix-index-database.packages.${system}.comma-with-db;
-    in {
+      runtimeDeps = [
-      packages.${system} = {
-        claudebox = pkgs.writeShellApplication {
-          name = "claudebox";
-          runtimeInputs = [
         pkgs.bubblewrap
         pkgs.coreutils
         pkgs.git
@@ -30,8 +31,17 @@
         comma-with-db
         pkgs.bash
         pkgs.nodejs
+        claude-code
       ];
-          text = builtins.readFile ./claudebox.sh;
+      sandboxPath = pkgs.lib.makeBinPath runtimeDeps;
+    in {
+      packages.${system} = {
+        claudebox = pkgs.writeShellApplication {
+          name = "claudebox";
+          runtimeInputs = runtimeDeps;
+          text = ''
+            SANDBOX_PATH="${sandboxPath}"
+          '' + builtins.readFile ./claudebox.sh;
         };
         default = self.packages.${system}.claudebox;
       };