diff --git a/.planning/REQUIREMENTS.md b/.planning/REQUIREMENTS.md new file mode 100644 index 0000000..bb99687 --- /dev/null +++ b/.planning/REQUIREMENTS.md @@ -0,0 +1,96 @@ +# Requirements: claudebox + +**Defined:** 2026-04-10 +**Core Value:** Secrets never enter the Claude Code environment. If a secret is accessible inside the sandbox, it's a bug. + +## v2.0 Requirements + +Requirements for v2.0 release. Each maps to roadmap phases. + +### Authentication + +- [ ] **AUTH-01**: User's existing Claude subscription works inside sandbox via host `~/.claude/.credentials.json` mounted read-write +- [ ] **AUTH-02**: `ANTHROPIC_API_KEY` env var passed through when set on host (takes precedence over OAuth) + +### Instance Isolation + +- [ ] **INST-01**: Each project directory gets its own isolated `~/.claude` state (conversations, todos, history) +- [ ] **INST-02**: Git worktrees of the same repo share the same instance directory +- [ ] **INST-03**: Concurrent claudebox sessions in the same project are protected by flock +- [ ] **INST-04**: `--gc` command cleans up instance directories for projects that no longer exist + +### Network Isolation + +- [ ] **NET-01**: `--network none` fully isolates network (offline mode, Nix daemon still works via socket) +- [ ] **NET-02**: `--network inet` allows internet access but blocks LAN and Tailscale traffic +- [ ] **NET-03**: `--network full` preserves current behavior (host network, default) +- [ ] **NET-04**: `--network` CLI flag selects tier at launch +- [ ] **NET-05**: `CLAUDEBOX_NETWORK` env var sets tier (CLI flag wins if both set) + +### Profiles + +- [ ] **PROF-01**: Named profiles loadable via `--profile foo` or `CLAUDEBOX_PROFILE=foo` (flag wins) +- [ ] **PROF-02**: Profile defines env vars to pass through, extra mounts, and network tier +- [ ] **PROF-03**: Profiles stored as JSON at `~/.claudebox/profiles/.json` +- [ ] **PROF-04**: `--list-profiles` shows available profiles +- [ ] **PROF-05**: `--show-profile ` displays profile contents +- [ ] **PROF-06**: Pre-launch audit extended to show active profile, network tier, and extra mounts + +## Future Requirements + +### Nix Package Injection + +- **PKG-01**: Profile `packages` field resolved via `nix build` and added to sandbox PATH +- **PKG-02**: Package resolution cached to avoid startup latency on repeated launches + +### Profile Inheritance + +- **PROF-07**: Profile `extends` field to inherit from another profile + +### Instance Management + +- **INST-05**: Instance dir GC with dry-run mode + +## Out of Scope + +| Feature | Reason | +|---------|--------| +| Full nix develop devShell integration | Profile `packages` field covers 80% case; full devShell adds complexity | +| Domain-level network allowlists | Three tiers (full/inet/none) cover actual use cases | +| NixOS module form | Wrapper script derivation, not a services/programs module | +| Shareability | Personal tool first, not designed for others yet | +| Per-profile SANDBOX.md overrides | Breaks the security invariant — one SANDBOX.md for all | +| Storing secret values in profile files | Profiles reference env var names, not values | + +## Traceability + +Which phases cover which requirements. Updated during roadmap creation. + +| Requirement | Phase | Status | +|-------------|-------|--------| +| AUTH-01 | Phase 4 | Pending | +| AUTH-02 | Phase 4 | Pending | +| INST-01 | Phase 5 | Pending | +| INST-02 | Phase 5 | Pending | +| INST-03 | Phase 5 | Pending | +| INST-04 | Phase 5 | Pending | +| NET-01 | Phase 6 | Pending | +| NET-02 | Phase 6 | Pending | +| NET-03 | Phase 6 | Pending | +| NET-04 | Phase 6 | Pending | +| NET-05 | Phase 6 | Pending | +| PROF-01 | Phase 7 | Pending | +| PROF-02 | Phase 7 | Pending | +| PROF-03 | Phase 7 | Pending | +| PROF-04 | Phase 7 | Pending | +| PROF-05 | Phase 7 | Pending | +| PROF-06 | Phase 7 | Pending | + +**Coverage:** +- v2.0 requirements: 17 total +- Mapped to phases: 17 +- Unmapped: 0 + +--- +*Requirements defined: 2026-04-10* +*Last updated: 2026-04-10 after initial definition*