Claude Code hooks invoke /bin/sh which doesn't exist in the bwrap
sandbox. Symlink bash to /bin/sh alongside the existing /usr/bin/env
symlink so all hook-based tooling (GSD statusline, project hooks)
works correctly inside claudebox.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Replace --bind ~/.claudebox + --symlink with direct --bind ~/.claude ~/.claude
- Add compute_canonical_root() function using git rev-parse --git-common-dir
- Add per-project INSTANCE_DIR via sha256sum[:16] of canonical git root
- Overlay projects/ with per-project hash dir for isolated conversation history
- Overlay history.jsonl and SANDBOX.md as file-level bind mounts
- Update credential mount target from ~/.claudebox to ~/.claude
- Add CLAUDE_JSON_FILE (~/.claude.json) detection and conditional bind mount
- Remove stale CLAUDE.md injection logic (D-06: user's real CLAUDE.md used)
- Update dry-run block and print_audit to reflect new mount layout
- Update SANDBOX.md heredoc to remove ~/.claudebox reference
- Replace three-section audit with single unified list using [~]/[>]/[+] prefixes
- [~] green = sandbox-generated, [>] yellow = host allowlisted, [+] cyan = extra
- Prefixes are readable without color (accessibility requirement)
- PATH retains multiline indented display
- Add Mounts section: CWD, ~/.claude, and conditional credentials bind
- Add Network section: 'full (host network)' as Phase 6 placeholder
- All output to stderr, mask_value called for all env var values
- Add CREDS_FILE/CREDS_MOUNT detection after mkdir ~/.claudebox
- Conditional --bind in exec bwrap via BWRAP_ARGS array
- Mirror conditional bind in --dry-run display block
- Read-write mount (not ro-bind) for OAuth token refresh
- Silent skip when credentials file absent (no error/warning)
- Refactor exec bwrap to BWRAP_ARGS array for conditional mount support
Both paths now resolve inside the sandbox, so hook paths
and settings referencing ~/.claude work without fixups.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Resolve SHELL to nix store bash path (was /bin/bash which doesn't exist in sandbox)
- Inject clean SANDBOX_PATH via makeBinPath (was leaking entire host PATH)
- Add --shell flag to drop into sandboxed bash for manual verification
- Use nix-claude-code flake for claude-code binary instead of host PATH discovery
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
readlink -f ensures CLAUDE_BIN and env point to real nix store
paths accessible inside the bwrap sandbox.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
