From 6eb3b464f5bfb2ae635db55aaae593760155cb98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christopher=20M=C3=BChl?= Date: Mon, 13 Apr 2026 09:01:22 +0000 Subject: [PATCH] feat(05-01): register INST-01 through INST-04 requirements - Add Instance Isolation section after Authentication Passthrough - INST-01: per-project isolated conversation history (no cross-contamination) - INST-02: git worktrees share instance state via --git-common-dir - INST-03: concurrent sessions safe (Claude Code manages own concurrency, D-13) - INST-04: --gc removes stale instance dirs for missing project roots - Add traceability rows mapping INST-01..04 to Phase 5 - Update coverage count from 2 to 6 v2 requirements --- .planning/REQUIREMENTS.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.planning/REQUIREMENTS.md b/.planning/REQUIREMENTS.md index f7b1771..421dce6 100644 --- a/.planning/REQUIREMENTS.md +++ b/.planning/REQUIREMENTS.md @@ -61,6 +61,13 @@ - **AUTH-01**: `~/.claudebox/.credentials.json` (OAuth tokens) is bind-mounted read-write into the sandbox when the file exists on the host, so users do not need to re-authenticate on every launch - **AUTH-02**: When `~/.claudebox/.credentials.json` does not exist, claudebox starts without any error or warning (silent skip) +### Instance Isolation + +- **INST-01**: Each project directory has isolated conversation history — launching claudebox in two different project directories produces separate histories with no cross-contamination +- **INST-02**: Git worktrees of the same repo share instance state with the main worktree (canonical root resolved via `git rev-parse --git-common-dir`) +- **INST-03**: Two concurrent claudebox sessions in the same project do not corrupt each other's state (satisfied architecturally: Claude Code manages its own file-level concurrency within its data dir; no locking needed per D-13) +- **INST-04**: `claudebox --gc` removes instance directories for project roots that no longer exist on disk + ### Network Isolation - **NET-01**: Block LAN/Tailscale access (RFC1918 + 100.64.0.0/10) while allowing internet egress @@ -127,9 +134,13 @@ | NIX-03 | Phase 1 | Complete | | AUTH-01 | Phase 4 | Complete | | AUTH-02 | Phase 4 | Complete | +| INST-01 | Phase 5 | Pending | +| INST-02 | Phase 5 | Pending | +| INST-03 | Phase 5 | Pending | +| INST-04 | Phase 5 | Pending | **Coverage:** -- v1 requirements: 31 total, v2 requirements (partial): 2 +- v1 requirements: 31 total, v2 requirements (partial): 6 - Mapped to phases: 33 - Unmapped: 0