7.6 KiB
| phase | plan | type | wave | depends_on | files_modified | autonomous | requirements | must_haves | |||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 01-minimal-viable-sandbox | 02 | execute | 2 |
|
false |
|
|
Purpose: Confirm the sandbox actually isolates secrets, passes through tools, and runs Claude Code successfully. Output: Verified working claudebox command.
<execution_context> @$HOME/.claude/get-shit-done/workflows/execute-plan.md @$HOME/.claude/get-shit-done/templates/summary.md </execution_context>
@.planning/PROJECT.md @.planning/ROADMAP.md @.planning/phases/01-minimal-viable-sandbox/01-CONTEXT.md @.planning/phases/01-minimal-viable-sandbox/01-01-SUMMARY.md @flake.nix @claudebox.sh Task 1: Build flake and run automated smoke tests flake.nix claudebox.sh Run the following commands sequentially, fixing any issues that arise:Step 1: Build the flake
cd /home/toph/code/tools/claudebox
nix build
If this fails, read the error and fix flake.nix or claudebox.sh as needed. Common issues:
- shellcheck errors in claudebox.sh (fix the shell code)
- Missing flake.lock (nix build will create it on first run)
- Package name mismatches (verify against nixpkgs)
Step 2: Verify the binary exists
ls -la result/bin/claudebox
Step 3: Run a minimal bwrap test without Claude To test the sandbox without needing Claude, run just the bwrap portion to verify mounts and env isolation. Extract the bwrap invocation concept and test key properties:
# Test that the built script at least starts (will fail at claude lookup if claude not in PATH, that's ok)
# Instead, test bwrap directly using the same flags pattern:
# Test 1: Verify --clearenv produces empty env
result/bin/claudebox 2>&1 || true
# If claude is found, it will launch. If not, we get the expected error.
Since claudebox requires claude in PATH and will exec into it, automated testing is limited. The key automated checks are:
nix buildsucceeds (shellcheck passes, all deps resolve)result/bin/claudeboxexists and is executable- The script content in the Nix store passes basic sanity:
cat result/bin/claudeboxshows the wrapper with correct PATH setup
Run:
# Check the built wrapper contains expected runtimeInputs in PATH
cat result/bin/claudebox | head -20
If nix build fails due to shellcheck issues in claudebox.sh, fix them. Common shellcheck fixes:
- SC2086: Double-quote variable expansions
- SC2034: Unused variables (may need
# shellcheck disable=SC2034if intentional) - SC2155: Declare and assign separately
After build succeeds, if claude is available on the host PATH, run a quick sandbox test:
# Quick test: launch claudebox with --help to verify it starts and exits cleanly
result/bin/claudebox --help 2>&1 | head -5 || true
This should show Claude Code's help output if everything is wired correctly, or show a meaningful error.
test -x /home/toph/code/tools/claudebox/result/bin/claudebox && echo "PASS: binary exists" || echo "FAIL: binary missing"
<acceptance_criteria>
- nix build exits 0 (no shellcheck errors, all deps resolve)
- result/bin/claudebox exists and is executable
- flake.lock exists (created by first build)
- The built wrapper script in the Nix store contains runtimeInputs PATH entries (visible in cat result/bin/claudebox)
</acceptance_criteria>
nix build succeeds and produces an executable claudebox binary
-
Inside the Claude session, verify environment isolation:
- Ask Claude to run
env | sort-- should show ONLY allowlisted vars (HOME, PATH, TERM, USER, SHELL, TMPDIR, etc.) - Confirm NO appearance of: SSH_AUTH_SOCK, AWS_PROFILE, GITHUB_TOKEN, or any secret vars
- Ask Claude to run
-
Verify filesystem isolation:
- Ask Claude to run
ls ~/.ssh-- should fail (directory not found) - Ask Claude to run
ls ~/.gnupg-- should fail - Ask Claude to run
ls ~/.aws-- should fail - Ask Claude to run
ls ~/.claude-- should succeed (mapped from ~/.claudebox)
- Ask Claude to run
-
Verify tools work:
- Ask Claude to run
git status-- should work in the project dir - Ask Claude to run
curl -s https://example.com | head -5-- should return HTML (DNS + SSL work) - Ask Claude to run
, jq --help | head -3-- should install and run jq via comma - Ask Claude to run
rg --version-- should show ripgrep version
- Ask Claude to run
-
Exit Claude (Ctrl+C or /exit) and verify:
- The shell returns to your normal prompt
echo $?shows the exit code from Claude (typically 0) echo "CHECKPOINT: requires human verification" User confirms all sandbox isolation and tool provisioning checks pass Type "approved" if all checks pass, or describe any issues found
<threat_model>
Trust Boundaries
| Boundary | Description |
|---|---|
| Build output -> Runtime | Nix build produces the sandbox script; verification confirms it behaves as designed |
STRIDE Threat Register
| Threat ID | Category | Component | Disposition | Mitigation Plan |
|---|---|---|---|---|
| T-01-08 | Information Disclosure | Env leak in built binary | mitigate | Manual verification (Task 2 step 2) confirms only allowlisted vars appear in env output inside sandbox |
| T-01-09 | Information Disclosure | Secret path accessible | mitigate | Manual verification (Task 2 step 3) confirms ~/.ssh, ~/.gnupg, ~/.aws are not visible |
| </threat_model> |
<success_criteria>
- claudebox builds from the Nix flake without errors
- Human verifies the sandbox isolates secrets and provides working tools
- Phase 1 success criteria from ROADMAP.md are met </success_criteria>