# Phase 3: Sandbox-Aware Prompting - Discussion Log > **Audit trail only.** Do not use as input to planning, research, or execution agents. > Decisions are captured in CONTEXT.md -- this log preserves the alternatives considered. **Date:** 2026-04-09 **Phase:** 03-sandbox-aware-prompting **Areas discussed:** CLAUDE.md content, Generation behavior, Template storage --- ## CLAUDE.md Content ### Tone | Option | Description | Selected | |--------|-------------|----------| | Terse reference | Bullet points, no prose. Minimal, scannable. | | | Friendly guide | Short prose paragraphs explaining the sandbox, restrictions, and tools. | ✓ | | Minimal one-liner | Single paragraph, bare minimum. | | **User's choice:** Friendly guide **Notes:** User noted that users might inject certain secrets themselves (e.g., personal git SSH keys), so the CLAUDE.md shouldn't confuse Claude with absolute "no SSH keys" claims. ### Unavailable Section Phrasing | Option | Description | Selected | |--------|-------------|----------| | Default-aware phrasing | "By default, these are not mounted: ..." -- accurate without contradicting customizations. | ✓ | | Omit unavailable section | Don't list restrictions at all. | | | Dynamic generation | Inspect mounts at launch and generate restrictions dynamically. | | **User's choice:** Default-aware phrasing **Notes:** None ### Git Section | Option | Description | Selected | |--------|-------------|----------| | Yes, brief note | Mention git identity is pre-configured, suggest HTTPS for remotes. | ✓ | | Skip it | Git just works, let Claude figure it out. | | **User's choice:** Yes, brief note **Notes:** None --- ## Generation Behavior ### Context Injection Mechanism User redirected the discussion: instead of managing CLAUDE.md directly, use a separate SANDBOX.md file with Claude Code's `@path` import syntax. This avoids touching user content and eliminates tool-use token overhead. **Final approach:** claudebox writes SANDBOX.md (managed, overwritten each launch) and ensures CLAUDE.md has `@SANDBOX.md` import at top line (checked/re-added each launch). **User's insight:** "We don't need to write CLAUDE.md like that at all. We can just write a separate file and add a quick reference at the top." --- ## Template Storage Folded into Generation behavior -- SANDBOX.md content lives as a heredoc in claudebox.sh. No separate template file needed since the two-file architecture resolved the storage question. --- ## Claude's Discretion - Exact prose wording in SANDBOX.md - Shell implementation of first-line check - Comment markers around import line ## Deferred Ideas None