chore: merge executor worktree (worktree-agent-a9a8ae0c)
commit
a36956236a
1 changed files with 51 additions and 0 deletions
51
claudebox.sh
@ -101,6 +101,57 @@ CWD=$(pwd)
# Ensure ~/.claudebox exists
mkdir -p "$HOME/.claudebox"
# === Sandbox-aware prompting (AWARE-01, AWARE-02) ===
# Write SANDBOX.md -- fully managed, overwritten every launch (D-02)
cat > "$HOME/.claudebox/SANDBOX.md" << 'SANDBOXEOF'
# Sandbox Environment
You are running inside a bubblewrap (bwrap) sandbox managed by claudebox.
Your filesystem is isolated -- only the current working directory and
essential system paths are mounted.
## Installing Tools
You have two ways to install tools on the fly:
**Comma (preferred for quick one-off commands):**
`, ripgrep` runs ripgrep without permanent installation. Comma uses
nix-index to find the right package automatically.
**Nix shell (for persistent access within the session):**
`nix shell nixpkgs#python3 -c python3 script.py` runs a command with
a package available. To keep it in your PATH for the session:
`nix shell nixpkgs#python3` then use `python3` normally.
## Default Restrictions
By default, the following are not mounted into the sandbox:
- SSH keys (~/.ssh)
- GPG and age keys (~/.gnupg, age key files)
- Cloud credentials (~/.aws, ~/.config/gcloud)
- Tailscale state
If your setup has been customized, some of these may be available.
## Git
Your git identity (name and email) is pre-configured from the host.
The `safe.directory` setting trusts the mounted working directory.
For remote operations, prefer HTTPS URLs over SSH since SSH keys
are not available by default.
SANDBOXEOF
# Ensure CLAUDE.md has @SANDBOX.md import (D-03, D-08, AWARE-01)
CLAUDEMD="$HOME/.claudebox/CLAUDE.md"
if [[ ! -f "$CLAUDEMD" ]]; then
printf '%s\n' "@SANDBOX.md" > "$CLAUDEMD"
elif [[ "$(head -1 "$CLAUDEMD")" != "@SANDBOX.md" ]]; then
tmp=$(mktemp)
{ printf '%s\n' "@SANDBOX.md"; cat "$CLAUDEMD"; } > "$tmp"
mv "$tmp" "$CLAUDEMD"
fi
# Generate minimal .gitconfig (D-05)
GIT_NAME=$(git config --global user.name 2>/dev/null || echo "Claude User")
GIT_EMAIL=$(git config --global user.email 2>/dev/null || echo "claude@localhost")
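Review bot: In the CLAUDE.md block, the `head -1` test only recognises the import when it is the first line, so a file where `@SANDBOX.md` already appears lower down (for example under a heading the user added) gets a second copy prepended. Matching against the whole file, e.g. `grep -qxF '@SANDBOX.md' "$CLAUDEMD"`, would avoid the duplicate. The rewrite also uses a bare `mktemp` followed by `mv "$tmp" "$CLAUDEMD"`, which replaces the target with a file created in the default temp directory: the original file mode is lost, a symlinked CLAUDE.md becomes a regular file, and the rename is not atomic if the temp directory sits on another filesystem. Creating the temp file next to the target (`mktemp "$CLAUDEMD.XXXXXX"`) keeps the rename on one filesystem, and writing back with `cat "$tmp" > "$CLAUDEMD"` would preserve the mode and any symlink.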