fix(260410-d4u): conditionally mount /etc/static only on NixOS

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

claudebox.sh

@@ -288,6 +288,12 @@ else
   SANDBOX_CMD=("$CLAUDE_BIN" --dangerously-skip-permissions "${CLAUDE_ARGS[@]}")
 fi
 
+# Conditional mounts for NixOS-specific paths
+CONDITIONAL_MOUNTS=()
+if [[ -d /etc/static ]]; then
+  CONDITIONAL_MOUNTS+=(--ro-bind /etc/static /etc/static)
+fi
+
 # --dry-run: print the bwrap command without executing (D-09, UX-04)
 if [[ "$DRY_RUN" == true ]]; then
   {
@@ -306,7 +312,11 @@ if [[ "$DRY_RUN" == true ]]; then
     echo "  --bind /nix/var/nix /nix/var/nix \\"
     echo "  --ro-bind /etc/resolv.conf /etc/resolv.conf \\"
     echo "  --ro-bind /etc/ssl /etc/ssl \\"
-    echo "  --ro-bind /etc/static /etc/static \\"
+    local cm_i=0
+    while (( cm_i < ${#CONDITIONAL_MOUNTS[@]} )); do
+      echo "  ${CONDITIONAL_MOUNTS[$cm_i]} ${CONDITIONAL_MOUNTS[$((cm_i+1))]} ${CONDITIONAL_MOUNTS[$((cm_i+2))]} \\"
+      (( cm_i += 3 ))
+    done
     echo "  --ro-bind /etc/passwd /etc/passwd \\"
     echo "  --ro-bind /etc/group /etc/group \\"
     echo "  --ro-bind /etc/hosts /etc/hosts \\"
@@ -336,7 +346,7 @@ exec bwrap \
   --bind /nix/var/nix /nix/var/nix \
   --ro-bind /etc/resolv.conf /etc/resolv.conf \
   --ro-bind /etc/ssl /etc/ssl \
-  --ro-bind /etc/static /etc/static \
+  "${CONDITIONAL_MOUNTS[@]}" \
   --ro-bind /etc/passwd /etc/passwd \
   --ro-bind /etc/group /etc/group \
   --ro-bind /etc/hosts /etc/hosts \