toph/claudebox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs: plant seed — agent-agnostic sandbox support

Browse source 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Christopher Mühl 2026-04-09 13:03:55 +02:00
parent e385f414ca
commit dd6742abef
No known key found for this signature in database
GPG key ID: 925AC7D69955293F
1 changed files with 44 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
.planning/seeds/SEED-001-agent-agnostic.md Normal file
View file

@ -0,0 +1,44 @@
---
id: SEED-001
status: dormant
planted: 2026-04-09
planted_during: v1.0 / Phase 1
trigger_when: v2.0 milestone
scope: Large
---
# SEED-001: Make claudebox agent-agnostic
## Why This Matters
claudebox currently hardcodes Claude Code as the sandboxed agent. But the bwrap sandbox pattern (clearenv, filesystem isolation, secret hiding, tool provisioning) is equally useful for other AI coding agents — Codex, Gemini CLI, OpenRouter-based tools, etc. Making the sandbox agent-agnostic turns claudebox from a single-tool wrapper into a general-purpose AI sandbox that works with whatever agent the user prefers.
## When to Surface
**Trigger:** v2.0 milestone — when starting the next major version after the Claude-specific sandbox is stable and proven.
This seed should be presented during `/gsd-new-milestone` when the milestone scope matches any of these conditions:
- Multi-agent or agent-agnostic support is discussed
- v2.0 planning begins
- User wants to support additional AI coding tools
## Scope Estimate
**Large** — full milestone. Requires rethinking the command structure (agent selection via flag or config), agent-specific env var allowlists, agent-specific binary resolution, and potentially different bwrap mount profiles per agent (e.g., Codex may need different paths than Claude).
## Breadcrumbs
Related code and decisions in the current codebase:
- `claudebox.sh``CLAUDE_BIN` resolution and `--dangerously-skip-permissions` are Claude-specific
- `flake.nix``claude-code` is a hardcoded runtimeInput via `nix-claude-code` flake
- `.planning/phases/01-minimal-viable-sandbox/01-01-PLAN.md` — threat model assumes Claude Code specifically
- `CLAUDEBOX_EXTRA_ENV` escape hatch already provides a pattern for agent-specific env needs
## Notes
Key design questions for v2.0:
- Should agents be selectable via `claudebox --agent codex` or via config file?
- Should each agent have its own env allowlist profile?
- Rename from "claudebox" to something agent-neutral? (breaking change)
- The `--dangerously-skip-permissions` flag is Claude-specific — other agents have different permission models