Commit graph

6 commits

Author SHA1 Message Date
7001303436
feat(02-01): add --check mode for prerequisite verification
2026-04-09 17:13:18 +02:00
1eddd9336d
feat(02-01): add --dry-run mode that prints full bwrap command and exits
2026-04-09 17:13:17 +02:00
72ba48d004
feat(02-01): refactor flag parsing to while/shift with CLAUDE_ARGS accumulator
2026-04-09 17:13:17 +02:00
613d015cc1
fix: SHELL path, PATH isolation, --shell flag, nix-claude-code input
- Resolve SHELL to nix store bash path (was /bin/bash which doesn't exist in sandbox)
- Inject clean SANDBOX_PATH via makeBinPath (was leaking entire host PATH)
- Add --shell flag to drop into sandboxed bash for manual verification
- Use nix-claude-code flake for claude-code binary instead of host PATH discovery

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-09 14:59:43 +02:00
9296453be3
fix(01-02): resolve claude and env paths through symlinks
readlink -f ensures CLAUDE_BIN and env point to real nix store
paths accessible inside the bwrap sandbox.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-09 11:14:50 +02:00
51dba047f3
feat(01-01): add claudebox.sh with bwrap sandbox, env allowlist, and secret hiding
2026-04-09 11:11:44 +02:00