docs(quick-260410-d4u): on non-nixos hosts, bwrap fails because /etc/static does not exist

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-10 09:29:58 +02:00 · 2026-04-10 09:29:58 +02:00 · 778216ead9
commit 778216ead9
parent 97c10f8fd4
4 changed files with 141 additions and 13 deletions
--- a/.planning/STATE.md
+++ b/.planning/STATE.md
@ -28,7 +28,7 @@ See: .planning/PROJECT.md (updated 2026-04-09)
 Phase: 03 of 3 (sandbox aware prompting)
 Plan: Not started
 Status: Ready to execute
-Last activity: 2026-04-09
+Last activity: 2026-04-10 - Completed quick task 260410-d4u: on non-nixos hosts, bwrap fails because /etc/static does not exist

 Progress: [███░░░░░░░] 33%

@ -58,6 +58,12 @@ None.

 - SSL cert verification fails system-wide (host + sandbox) -- NixOS/OpenSSL issue, not claudebox

+### Quick Tasks Completed
+
+| # | Description | Date | Commit | Directory |
+|---|-------------|------|--------|-----------|
+| 260410-d4u | on non-nixos hosts, bwrap fails because /etc/static does not exist | 2026-04-10 | 97c10f8 | [260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e](./quick/260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e/) |
+
 ## Session Continuity

 Last session: 2026-04-09T18:59:43.248Z
--- a/.planning/quick/260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e/260410-d4u-PLAN.md
+++ b/.planning/quick/260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e/260410-d4u-PLAN.md
@ -0,0 +1,93 @@
+---
+phase: quick
+plan: 260410-d4u
+type: execute
+wave: 1
+depends_on: []
+files_modified: [claudebox.sh]
+autonomous: true
+must_haves:
+  truths:
+    - "claudebox launches successfully on non-NixOS Linux hosts where /etc/static does not exist"
+    - "claudebox still mounts /etc/static on NixOS hosts where it does exist"
+    - "dry-run output reflects the conditional mount accurately"
+  artifacts:
+    - path: "claudebox.sh"
+      provides: "Conditional /etc/static mount"
+      contains: "etc/static"
+---
+
+<objective>
+Fix bwrap failure on non-NixOS hosts caused by unconditional `--ro-bind /etc/static /etc/static`.
+
+Purpose: `/etc/static` is NixOS-specific. On Ubuntu, Fedora, Arch, etc. this path does not exist and bwrap exits with an error, making claudebox unusable on non-NixOS Linux.
+
+Output: claudebox.sh conditionally includes the /etc/static mount only when the path exists.
+</objective>
+
+<execution_context>
+@$HOME/.claude/get-shit-done/workflows/execute-plan.md
+@$HOME/.claude/get-shit-done/templates/summary.md
+</execution_context>
+
+<context>
+@claudebox.sh
+</context>
+
+<tasks>
+
+<task type="auto">
+  <name>Task 1: Conditionally mount /etc/static only when it exists</name>
+  <files>claudebox.sh</files>
+  <action>
+Build a `CONDITIONAL_MOUNTS` array before the dry-run block (around line 284, after SANDBOX_CMD is set). Populate it conditionally:
+
+```bash
+# Conditional mounts for NixOS-specific paths
+CONDITIONAL_MOUNTS=()
+if [[ -d /etc/static ]]; then
+  CONDITIONAL_MOUNTS+=(--ro-bind /etc/static /etc/static)
+fi
+```
+
+Then splice `"${CONDITIONAL_MOUNTS[@]}"` into both:
+
+1. **Dry-run output (line ~309):** Replace the hardcoded `echo "  --ro-bind /etc/static /etc/static \\"` with a loop over CONDITIONAL_MOUNTS that prints them in the same format:
+```bash
+local cm_i=0
+while (( cm_i < ${#CONDITIONAL_MOUNTS[@]} )); do
+  echo "  ${CONDITIONAL_MOUNTS[$cm_i]} ${CONDITIONAL_MOUNTS[$((cm_i+1))]} ${CONDITIONAL_MOUNTS[$((cm_i+2))]} \\"
+  (( cm_i += 3 ))
+done
+```
+
+2. **exec bwrap (line ~339):** Replace `--ro-bind /etc/static /etc/static \` with `"${CONDITIONAL_MOUNTS[@]}" \` in the exec call.
+
+This keeps the pattern simple -- one array, two splice points. No other mounts are affected.
+  </action>
+  <verify>
+    <automated>bash -n claudebox.sh && echo "syntax ok"</automated>
+  </verify>
+  <done>
+    - `bash -n claudebox.sh` passes (no syntax errors)
+    - /etc/static mount is conditional on directory existence
+    - Both dry-run and exec paths use the same CONDITIONAL_MOUNTS array
+    - No other mounts are changed
+  </done>
+</task>
+
+</tasks>
+
+<verification>
+- `bash -n claudebox.sh` passes
+- On NixOS: `claudebox --dry-run` output includes `--ro-bind /etc/static /etc/static`
+- On non-NixOS: `claudebox --dry-run` output omits the /etc/static line entirely
+</verification>
+
+<success_criteria>
+claudebox.sh no longer fails on hosts without /etc/static, while preserving the mount on NixOS.
+</success_criteria>
+
+<output>
+After completion, create `.planning/quick/260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e/260410-d4u-SUMMARY.md`
+</output>
--- a/.planning/quick/260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e/260410-d4u-SUMMARY.md
+++ b/.planning/quick/260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e/260410-d4u-SUMMARY.md
@ -0,0 +1,41 @@
+---
+phase: quick
+plan: 260410-d4u
+subsystem: sandbox
+tags: [bugfix, portability, bwrap]
+key-files:
+  modified: [claudebox.sh]
+decisions: []
+metrics:
+  duration: 28s
+  completed: "2026-04-10"
+  tasks_completed: 1
+  tasks_total: 1
+---
+
+# Quick Task 260410-d4u: Fix /etc/static mount on non-NixOS Summary
+
+Conditional /etc/static bwrap mount using CONDITIONAL_MOUNTS array -- non-NixOS hosts no longer fail on missing path.
+
+## What Changed
+
+Added a `CONDITIONAL_MOUNTS` array that checks for `/etc/static` existence before including it as a bwrap `--ro-bind`. The array is spliced into both the dry-run output path and the exec bwrap call, keeping the two in sync.
+
+## Task Results
+
+| Task | Name | Commit | Status |
+|------|------|--------|--------|
+| 1 | Conditionally mount /etc/static only when it exists | 97c10f8 | Done |
+
+## Verification
+
+- `bash -n claudebox.sh` passes
+- On NixOS (where /etc/static exists): mount is included via CONDITIONAL_MOUNTS array
+- On non-NixOS: CONDITIONAL_MOUNTS is empty, mount is skipped entirely
+- Dry-run and exec paths both use the same array
+
+## Deviations from Plan
+
+None -- plan executed exactly as written.
+
+## Self-Check: PASSED
--- a/claudebox.sh
+++ b/claudebox.sh
@ -288,12 +288,6 @@ else
  SANDBOX_CMD=("$CLAUDE_BIN" --dangerously-skip-permissions "${CLAUDE_ARGS[@]}")
 fi

-# Conditional mounts for NixOS-specific paths
-CONDITIONAL_MOUNTS=()
-if [[ -d /etc/static ]]; then
-  CONDITIONAL_MOUNTS+=(--ro-bind /etc/static /etc/static)
-fi
-
 # --dry-run: print the bwrap command without executing (D-09, UX-04)
 if [[ "$DRY_RUN" == true ]]; then
  {
@ -312,11 +306,6 @@ if [[ "$DRY_RUN" == true ]]; then
    echo "  --bind /nix/var/nix /nix/var/nix \\"
    echo "  --ro-bind /etc/resolv.conf /etc/resolv.conf \\"
    echo "  --ro-bind /etc/ssl /etc/ssl \\"
-    local cm_i=0
-    while (( cm_i < ${#CONDITIONAL_MOUNTS[@]} )); do
-      echo "  ${CONDITIONAL_MOUNTS[$cm_i]} ${CONDITIONAL_MOUNTS[$((cm_i+1))]} ${CONDITIONAL_MOUNTS[$((cm_i+2))]} \\"
-      (( cm_i += 3 ))
-    done
    echo "  --ro-bind /etc/passwd /etc/passwd \\"
    echo "  --ro-bind /etc/group /etc/group \\"
    echo "  --ro-bind /etc/hosts /etc/hosts \\"
@ -346,7 +335,6 @@ exec bwrap \
  --bind /nix/var/nix /nix/var/nix \
  --ro-bind /etc/resolv.conf /etc/resolv.conf \
  --ro-bind /etc/ssl /etc/ssl \
-  "${CONDITIONAL_MOUNTS[@]}" \
  --ro-bind /etc/passwd /etc/passwd \
  --ro-bind /etc/group /etc/group \
  --ro-bind /etc/hosts /etc/hosts \