toph/claudebox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs(01): resolve open research questions

Browse source
This commit is contained in:
Christopher Mühl 2026-04-09 11:05:02 +02:00
parent 71790d714b
commit 7b1220bdf1
No known key found for this signature in database
GPG key ID: 925AC7D69955293F
1 changed files with 4 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
.planning/phases/01-minimal-viable-sandbox/01-RESEARCH.md
View file

@ -401,22 +401,16 @@ Note: `--symlink` creates `TARGET LINK_NAME` (dest is the symlink path). The `en
| A4 | jq, ripgrep, fd are standard nixpkgs packages | Standard Stack | Build would fail if package names differ | | A4 | jq, ripgrep, fd are standard nixpkgs packages | Standard Stack | Build would fail if package names differ |
| A5 | flake.nix structure with writeShellApplication + builtins.readFile | Code Examples | Nix build would fail if API differs | | A5 | flake.nix structure with writeShellApplication + builtins.readFile | Code Examples | Nix build would fail if API differs |
## Open Questions ## Open Questions (RESOLVED)
1. **Claude Code source: host vs flake input** 1. **Claude Code source: host vs flake input**
- What we know: Host has claude-code 2.1.70 (custom derivation with MCP injection), nixpkgs has 2.0.51 - RESOLVED: Discover claude from host PATH at runtime (`CLAUDE_BIN=$(command -v claude)`). This avoids version management and respects the host's claude-code configuration. The script fails fast with a clear error if `claude` is not found.
- What's unclear: Should claudebox depend on the host's claude or bundle its own?
- Recommendation: Discover claude from host PATH at runtime (`CLAUDE_BIN=$(command -v claude)`). This avoids version management and respects the host's claude-code configuration. The script should fail fast with a clear error if `claude` is not found.
2. **XDG_RUNTIME_DIR inside sandbox** 2. **XDG_RUNTIME_DIR inside sandbox**
- What we know: It's in the allowlist (SAND-03), typically `/run/user/1000` on the host - RESOLVED: Set `--setenv XDG_RUNTIME_DIR /tmp` inside the sandbox (D-04 says sandbox-generated). Don't mount the host's runtime dir as it may contain secret sockets.
- What's unclear: Whether to bind-mount the host's XDG_RUNTIME_DIR or create a tmpfs one
- Recommendation: Set `--setenv XDG_RUNTIME_DIR /tmp` inside the sandbox (D-04 says sandbox-generated). Don't mount the host's runtime dir as it may contain secret sockets.
3. **`~/.claudebox` creation** 3. **`~/.claudebox` creation**
- What we know: SAND-08 says bind-mount `~/.claudebox` as `~/.claude` - RESOLVED: Script does `mkdir -p ~/.claudebox` before bwrap invocation if it doesn't exist.
- What's unclear: Who creates `~/.claudebox` if it doesn't exist?
- Recommendation: Script should `mkdir -p ~/.claudebox` before bwrap invocation if it doesn't exist.
## Environment Availability ## Environment Availability