Christopher Mühl
c5e8cca867
- Replace --bind ~/.claudebox + --symlink with direct --bind ~/.claude ~/.claude - Add compute_canonical_root() function using git rev-parse --git-common-dir - Add per-project INSTANCE_DIR via sha256sum[:16] of canonical git root - Overlay projects/ with per-project hash dir for isolated conversation history - Overlay history.jsonl and SANDBOX.md as file-level bind mounts - Update credential mount target from ~/.claudebox to ~/.claude - Add CLAUDE_JSON_FILE (~/.claude.json) detection and conditional bind mount - Remove stale CLAUDE.md injection logic (D-06: user's real CLAUDE.md used) - Update dry-run block and print_audit to reflect new mount layout - Update SANDBOX.md heredoc to remove ~/.claudebox reference
71 lines
2 KiB
Markdown
71 lines
2 KiB
Markdown
---
|
|
gsd_state_version: 1.0
|
|
milestone: v1.0
|
|
milestone_name: milestone
|
|
status: executing
|
|
stopped_at: Phase 3 context gathered
|
|
last_updated: "2026-04-10T09:33:52.025Z"
|
|
last_activity: 2026-04-10
|
|
progress:
|
|
total_phases: 3
|
|
completed_phases: 0
|
|
total_plans: 0
|
|
completed_plans: 0
|
|
percent: 33
|
|
---
|
|
|
|
# Project State
|
|
|
|
## Project Reference
|
|
|
|
See: .planning/PROJECT.md (updated 2026-04-09)
|
|
|
|
**Core value:** Secrets never enter the Claude Code environment
|
|
**Current focus:** Phase 2 (next)
|
|
|
|
## Current Position
|
|
|
|
Phase: 04 of 3 (sandbox aware prompting)
|
|
Plan: Not started
|
|
Status: Ready to execute
|
|
Last activity: 2026-04-10
|
|
|
|
Progress: [███░░░░░░░] 33%
|
|
|
|
## Performance Metrics
|
|
|
|
**Velocity:**
|
|
|
|
| Phase 01 P01 | 1min | 2 tasks | 3 files |
|
|
| Phase 01 P02 | 1min | 2 tasks | 1 file |
|
|
|
|
## Accumulated Context
|
|
|
|
### Decisions
|
|
|
|
- [Phase 01]: Claude Code provided via nix-claude-code flake (ryoppippi/nix-claude-code), not host PATH
|
|
- [Phase 01]: readlink -f required to resolve NixOS profile symlinks to real nix store paths for bwrap visibility
|
|
- [Phase 01]: SANDBOX_PATH built via makeBinPath in flake.nix to prevent host PATH leakage
|
|
- [Phase 01]: SHELL set to nix store bash path, not /bin/bash (doesn't exist in tmpfs root)
|
|
- [Phase 01]: --shell flag added for manual sandbox debugging
|
|
- [Phase 01]: SSL cert verification failure is a host-level NixOS issue, not sandbox-specific
|
|
|
|
### Pending Todos
|
|
|
|
None.
|
|
|
|
### Blockers/Concerns
|
|
|
|
- SSL cert verification fails system-wide (host + sandbox) -- NixOS/OpenSSL issue, not claudebox
|
|
|
|
### Quick Tasks Completed
|
|
|
|
| # | Description | Date | Commit | Directory |
|
|
|---|-------------|------|--------|-----------|
|
|
| 260410-d4u | on non-nixos hosts, bwrap fails because /etc/static does not exist | 2026-04-10 | 97c10f8 | [260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e](./quick/260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e/) |
|
|
|
|
## Session Continuity
|
|
|
|
Last session: 2026-04-09T18:59:43.248Z
|
|
Stopped at: Phase 3 context gathered
|
|
Resume file: .planning/phases/03-sandbox-aware-prompting/03-CONTEXT.md
|