toph/claudebox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
98 commits 1 branch 1 tag 574 KiB
Commit graph

2 commits

Author SHA1 Message Date
Christopher Mühl
72dfde91a8
feat!: thin layer over Claude /sandbox + nftables CIDR block 
Drops bwrap orchestration, history overlay, forced
--dangerously-skip-permissions, SANDBOX.md injection, env-file
loading. claude --sandbox handles kernel isolation; claudebox
manages settings.local.json sandbox.* keys and installs nftables
rules matched on claude-sandbox.slice cgroup membership.

New flake outputs: nixosModules.default + checks.wrapper-syntax.
Docs updated to reflect the layered (not structural) FS guarantee.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-11 12:19:40 +02:00
Christopher Mühl
fbca134511
docs: add scope/limits section, GUARANTEES and THREAT-MODEL 
README gains a scope section linking to two new docs: GUARANTEES.md
(mechanism-level reasoning behind hard guarantees) and THREAT-MODEL.md
(posture ladder, lethal-trifecta framing).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-11 09:21:47 +02:00