- Replace three-section audit with single unified list using [~]/[>]/[+] prefixes
- [~] green = sandbox-generated, [>] yellow = host allowlisted, [+] cyan = extra
- Prefixes are readable without color (accessibility requirement)
- PATH retains multiline indented display
- Add Mounts section: CWD, ~/.claude, and conditional credentials bind
- Add Network section: 'full (host network)' as Phase 6 placeholder
- All output to stderr, mask_value called for all env var values
- Add CREDS_FILE/CREDS_MOUNT detection after mkdir ~/.claudebox
- Conditional --bind in exec bwrap via BWRAP_ARGS array
- Mirror conditional bind in --dry-run display block
- Read-write mount (not ro-bind) for OAuth token refresh
- Silent skip when credentials file absent (no error/warning)
- Refactor exec bwrap to BWRAP_ARGS array for conditional mount support
Both paths now resolve inside the sandbox, so hook paths
and settings referencing ~/.claude work without fixups.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Resolve SHELL to nix store bash path (was /bin/bash which doesn't exist in sandbox)
- Inject clean SANDBOX_PATH via makeBinPath (was leaking entire host PATH)
- Add --shell flag to drop into sandboxed bash for manual verification
- Use nix-claude-code flake for claude-code binary instead of host PATH discovery
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
readlink -f ensures CLAUDE_BIN and env point to real nix store
paths accessible inside the bwrap sandbox.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
