From 9296453be3364637425fa733ec6022cce286b05d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christopher=20M=C3=BChl?= <toki@toph.so>
Date: Thu, 9 Apr 2026 11:14:50 +0200
Subject: [PATCH] fix(01-02): resolve claude and env paths through symlinks

readlink -f ensures CLAUDE_BIN and env point to real nix store
paths accessible inside the bwrap sandbox.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 claudebox.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/claudebox.sh b/claudebox.sh
index 8f9fca2..b3165a3 100644
--- a/claudebox.sh
+++ b/claudebox.sh
@@ -1,5 +1,5 @@
 # Resolve claude binary from host PATH (before clearenv strips it)
-CLAUDE_BIN=$(command -v claude) || {
+CLAUDE_BIN=$(readlink -f "$(command -v claude)") || {
   echo "error: claude not found in PATH" >&2
   echo "Install Claude Code first: https://docs.anthropic.com/en/docs/claude-code" >&2
   exit 1
@@ -79,7 +79,7 @@ exec bwrap \
   --ro-bind /etc/hosts /etc/hosts \
   --ro-bind /etc/nsswitch.conf /etc/nsswitch.conf \
   --ro-bind /etc/nix /etc/nix \
-  --symlink "$(command -v env)" /usr/bin/env \
+  --symlink "$(readlink -f "$(command -v env)")" /usr/bin/env \
   --tmpfs "$HOME" \
   --bind "$HOME/.claudebox" "$HOME/.claude" \
   --ro-bind "$GITCONFIG_TMP" "$HOME/.gitconfig" \