fix(04): CR-01 CR-02 WR-01 fix credential path and use read-only bind mount

claudebox.sh

@@ -102,7 +102,9 @@ CWD=$(pwd)
 mkdir -p "$HOME/.claudebox"
 
 # Credential file mount (AUTH-01, AUTH-02)
-CREDS_FILE="$HOME/.claude/.credentials.json"
+# Use ~/.claudebox (the host-side claudebox config dir), not ~/.claude
+# ~/.claude -> ~/.claudebox symlink only exists inside the sandbox at runtime
+CREDS_FILE="$HOME/.claudebox/.credentials.json"
 if [[ -f "$CREDS_FILE" ]]; then
   CREDS_MOUNT=true
 else
@@ -264,7 +266,7 @@ print_audit() {
   printf '  %-12s %s   (read-write)\n' "CWD" "$CWD" >&2
   printf '  %-12s %s   (read-write)\n' "~/.claude" "$HOME/.claudebox" >&2
   if [[ "$CREDS_MOUNT" == true ]]; then
-    printf '  %-12s %s   (read-write)\n' "credentials" "$HOME/.claude/.credentials.json" >&2
+    printf '  %-12s %s   (read-only)\n' "credentials" "$CREDS_FILE" >&2
   fi
 
   echo "" >&2
@@ -328,7 +330,7 @@ if [[ "$DRY_RUN" == true ]]; then
     echo "  --bind $HOME/.claudebox $HOME/.claudebox \\"
     echo "  --symlink $HOME/.claudebox $HOME/.claude \\"
     if [[ "$CREDS_MOUNT" == true ]]; then
-      echo "  --bind $CREDS_FILE $HOME/.claude/.credentials.json \\"
+      echo "  --ro-bind $CREDS_FILE $HOME/.claudebox/.credentials.json \\"
     fi
     printf '  --ro-bind %q %s/.gitconfig \\\n' "$GITCONFIG_TMP" "$HOME"
     echo "  --bind $CWD $CWD \\"
@@ -361,7 +363,7 @@ BWRAP_ARGS=(
   --symlink "$HOME/.claudebox" "$HOME/.claude"
 )
 if [[ "$CREDS_MOUNT" == true ]]; then
-  BWRAP_ARGS+=(--bind "$CREDS_FILE" "$HOME/.claude/.credentials.json")
+  BWRAP_ARGS+=(--ro-bind "$CREDS_FILE" "$HOME/.claudebox/.credentials.json")
 fi
 BWRAP_ARGS+=(
   --ro-bind "$GITCONFIG_TMP" "$HOME/.gitconfig"