toph/claudebox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(260504-bw4): make SANDBOX.md conditional on SSH activation

Browse source
This commit is contained in:
Christopher Mühl 2026-05-04 08:39:30 +00:00
parent 41ebf10458
commit e9154fd691
1 changed files with 39 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

55
claudebox.sh
View file

@ -229,8 +229,40 @@ fi
# === Sandbox-aware prompting (AWARE-01, AWARE-02) === # === Sandbox-aware prompting (AWARE-01, AWARE-02) ===
# Build SSH-conditional SANDBOX.md content blocks
if [[ "$SSH_ACTIVE" == true ]]; then
_ssh_notes=""
[[ "$WITH_SSH" == true ]] && _ssh_notes+="- ssh-agent socket forwarded via \$SSH_AUTH_SOCK"$'\n'
(( ${#SSH_KEYS[@]} > 0 )) && _ssh_notes+="- Explicit key file(s) mounted read-only at ~/.ssh/"$'\n'
SANDBOX_RESTRICTIONS_BLOCK="## Default Restrictions
By default, the following are not mounted into the sandbox:
- GPG and age keys (~/.gnupg, age key files)
- Cloud credentials (~/.aws, ~/.config/gcloud)
- Tailscale state
## SSH
SSH is available in this session:
${_ssh_notes}
Use \`git push\`/\`git pull\` over SSH normally."
SANDBOX_GIT_TAIL="SSH remotes work in this session."
unset _ssh_notes
else
SANDBOX_RESTRICTIONS_BLOCK="## Default Restrictions
By default, the following are not mounted into the sandbox:
- SSH keys (~/.ssh)
- GPG and age keys (~/.gnupg, age key files)
- Cloud credentials (~/.aws, ~/.config/gcloud)
- Tailscale state
If your setup has been customized, some of these may be available."
SANDBOX_GIT_TAIL="For remote operations, prefer HTTPS URLs over SSH since SSH keys are not available by default."
fi
# Write SANDBOX.md -- fully managed, overwritten every launch (D-02) # Write SANDBOX.md -- fully managed, overwritten every launch (D-02)
cat > "$HOME/.claudebox/SANDBOX.md" << 'SANDBOXEOF' cat > "$HOME/.claudebox/SANDBOX.md" <<SANDBOXEOF
# Sandbox Environment # Sandbox Environment
You are running inside a bubblewrap (bwrap) sandbox managed by claudebox. You are running inside a bubblewrap (bwrap) sandbox managed by claudebox.
@ -243,30 +275,21 @@ from the host, with per-project isolation for conversation history.
You have two ways to install tools on the fly: You have two ways to install tools on the fly:
**Comma (preferred for quick one-off commands):** **Comma (preferred for quick one-off commands):**
`, ripgrep` runs ripgrep without permanent installation. Comma uses \`, ripgrep\` runs ripgrep without permanent installation. Comma uses
nix-index to find the right package automatically. nix-index to find the right package automatically.
**Nix shell (for persistent access within the session):** **Nix shell (for persistent access within the session):**
`nix shell nixpkgs#python3 -c python3 script.py` runs a command with \`nix shell nixpkgs#python3 -c python3 script.py\` runs a command with
a package available. To keep it in your PATH for the session: a package available. To keep it in your PATH for the session:
`nix shell nixpkgs#python3` then use `python3` normally. \`nix shell nixpkgs#python3\` then use \`python3\` normally.
## Default Restrictions ${SANDBOX_RESTRICTIONS_BLOCK}
By default, the following are not mounted into the sandbox:
- SSH keys (~/.ssh)
- GPG and age keys (~/.gnupg, age key files)
- Cloud credentials (~/.aws, ~/.config/gcloud)
- Tailscale state
If your setup has been customized, some of these may be available.
## Git ## Git
Your git identity (name and email) is pre-configured from the host. Your git identity (name and email) is pre-configured from the host.
The `safe.directory` setting trusts the mounted working directory. The \`safe.directory\` setting trusts the mounted working directory.
For remote operations, prefer HTTPS URLs over SSH since SSH keys ${SANDBOX_GIT_TAIL}
are not available by default.
SANDBOXEOF SANDBOXEOF
# Generate minimal .gitconfig (D-05) # Generate minimal .gitconfig (D-05)