claudebox/.planning/seeds/SEED-001-agent-agnostic.md
Christopher Mühl dd6742abef
docs: plant seed — agent-agnostic sandbox support
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-09 13:03:55 +02:00

2.1 KiB

| id | status | planted | planted_during | trigger_when | scope |
|---|---|---|---|---|---|
| SEED-001 | dormant | 2026-04-09 | v1.0 / Phase 1 | v2.0 milestone | Large |

SEED-001: Make claudebox agent-agnostic

Why This Matters

claudebox currently hardcodes Claude Code as the sandboxed agent. But the bwrap sandbox pattern (clearenv, filesystem isolation, secret hiding, tool provisioning) is equally useful for other AI coding agents — Codex, Gemini CLI, OpenRouter-based tools, etc. Making the sandbox agent-agnostic turns claudebox from a single-tool wrapper into a general-purpose AI sandbox that works with whatever agent the user prefers.

When to Surface

Trigger: v2.0 milestone — when starting the next major version after the Claude-specific sandbox is stable and proven.

This seed should be presented during /gsd-new-milestone when the milestone scope matches any of these conditions:

  • Multi-agent or agent-agnostic support is discussed
  • v2.0 planning begins
  • User wants to support additional AI coding tools

Scope Estimate

Large — full milestone. Requires rethinking the command structure (agent selection via flag or config), agent-specific env var allowlists, agent-specific binary resolution, and potentially different bwrap mount profiles per agent (e.g., Codex may need different paths than Claude).

Breadcrumbs

Related code and decisions in the current codebase:

  • claudebox.sh: CLAUDE_BIN resolution and --dangerously-skip-permissions are Claude-specific
  • flake.nix: claude-code is a hardcoded runtimeInput via the nix-claude-code flake
  • .planning/phases/01-minimal-viable-sandbox/01-01-PLAN.md: threat model assumes Claude Code specifically
  • CLAUDEBOX_EXTRA_ENV escape hatch already provides a pattern for agent-specific env needs

Notes

Key design questions for v2.0:

  • Should agents be selectable via claudebox --agent codex or via config file?
  • Should each agent have its own env allowlist profile?
  • Rename from "claudebox" to something agent-neutral? (breaking change)
  • The --dangerously-skip-permissions flag is Claude-specific — other agents have different permission models
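The scope estimate above (per-agent env allowlists, binary resolution, mount profiles) and these design questions (agent selection via --agent, one allowlist profile per agent, a Claude-only permissions flag) can be sketched together. The following is an added example, not claudebox's own claudebox.sh or flake.nix: a POSIX sh skeleton in which one profile per agent drives a bwrap command line built on --clearenv, so that only the profile's variables (plus whatever the user names in CLAUDEBOX_EXTRA_ENV) cross into the sandbox. The agent names, binaries, API-key variable names, mount paths, and the assumption that CLAUDEBOX_EXTRA_ENV holds a whitespace-separated list of variable names are all illustrative choices, not facts about the project.

```sh
#!/bin/sh
# Added example, not claudebox's own code: a sketch of one profile per agent
# (binary, env allowlist, agent-specific flags) driving a bwrap command line.
# Agent names, binaries, variable names and mount paths below are assumptions
# made for illustration; CLAUDEBOX_EXTRA_ENV is assumed to hold a
# whitespace-separated list of extra variable NAMES to pass through.
set -eu

# agent_profile NAME: print "binary|ENV_ALLOWLIST|agent flags" for a known agent.
# Only Claude takes --dangerously-skip-permissions; the others have their own
# permission models and get no such flag here.
agent_profile() {
  case "$1" in
    claude) printf '%s\n' 'claude|ANTHROPIC_API_KEY|--dangerously-skip-permissions' ;;
    codex)  printf '%s\n' 'codex|OPENAI_API_KEY|' ;;
    gemini) printf '%s\n' 'gemini|GEMINI_API_KEY|' ;;
    *) printf 'unknown agent: %s\n' "$1" >&2; return 1 ;;
  esac
}

# valid_var_name NAME: accept only plain identifiers. Names coming from
# CLAUDEBOX_EXTRA_ENV are user input that reaches eval below, so anything
# else is rejected rather than interpreted.
valid_var_name() {
  case "$1" in
    ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
    *) return 0 ;;
  esac
}

# emit_setenv NAME: if NAME is set in the launcher's environment, print the
# "--setenv NAME VALUE" triple, one argv word per line. Unset names are
# skipped (the agent simply does not get them); invalid names are an error.
emit_setenv() {
  name=$1
  valid_var_name "$name" || { printf 'refusing env name: %s\n' "$name" >&2; return 1; }
  eval "is_set=\${$name+x}"
  [ -n "$is_set" ] || return 0
  eval "value=\$$name"
  printf '%s\n' --setenv "$name" "$value"
}

# build_bwrap_cmd AGENT WORKDIR: print the full bwrap argv, one word per line.
# --clearenv drops everything not re-added with --setenv; only WORKDIR is
# writable; HOME is an empty tmpfs so ~/.ssh, ~/.aws, ~/.config and the like
# never exist inside the sandbox.
build_bwrap_cmd() {
  agent=$1; workdir=$2
  profile=$(agent_profile "$agent") || return 1
  binary=${profile%%|*}
  rest=${profile#*|}
  allow=${rest%%|*}
  flags=${rest#*|}

  printf '%s\n' bwrap --unshare-all --share-net --die-with-parent --clearenv
  printf '%s\n' --ro-bind /nix /nix --ro-bind /etc/resolv.conf /etc/resolv.conf
  printf '%s\n' --proc /proc --dev /dev --tmpfs /tmp
  printf '%s\n' --tmpfs /home/agent --setenv HOME /home/agent
  printf '%s\n' --setenv PATH /run/current-system/sw/bin:/usr/bin:/bin
  printf '%s\n' --bind "$workdir" "$workdir" --chdir "$workdir"

  for name in $allow ${CLAUDEBOX_EXTRA_ENV:-}; do
    emit_setenv "$name" || return 1
  done

  printf '%s\n' -- "$binary"
  [ -z "$flags" ] || printf '%s\n' $flags
}

# Stand-alone demo: print the argv for the selected agent (default claude).
build_bwrap_cmd "${CLAUDEBOX_AGENT:-claude}" "$PWD"
```

The argv is printed one word per line so it can be inspected and tested without running bwrap. A real launcher should not splice secrets into bwrap's command line at all: --setenv VALUE words end up in /proc/PID/cmdline and in ps output while bwrap starts. bwrap accepts --args FD, reading NUL-separated arguments from a file descriptor, so the list above would be fed through a pipe rather than passed as positional arguments. Validating names before eval matters for the same reason the allowlist exists: CLAUDEBOX_EXTRA_ENV is the one input the user controls, and the profile must not let it become a way to run shell syntax in the launcher.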