claudebox/.planning/STATE.md
Christopher Mühl 6465da8583 feat(04-01): add credential file mount for OAuth passthrough
- Add CREDS_FILE/CREDS_MOUNT detection after mkdir ~/.claudebox
- Conditional --bind in exec bwrap via BWRAP_ARGS array
- Mirror conditional bind in --dry-run display block
- Read-write mount (not ro-bind) for OAuth token refresh
- Silent skip when credentials file absent (no error/warning)
- Refactor exec bwrap to BWRAP_ARGS array for conditional mount support
2026-04-10 09:20:18 +00:00

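| gsd_state_version | milestone | milestone_name | status | stopped_at | last_updated | last_activity |
| --- | --- | --- | --- | --- | --- | --- |
| 1.0 | v1.0 | milestone | executing | Phase 3 context gathered | 2026-04-09T19:24:16.913Z | 2026-04-09 |

progress:

| total_phases | completed_phases | total_plans | completed_plans | percent |
| --- | --- | --- | --- | --- |
| 3 | 3 | 5 | 5 | 100 |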

Project State

Project Reference

See: .planning/PROJECT.md (updated 2026-04-09)

Core value: Secrets never enter the Claude Code environment

Current focus: Phase 2 (next)

Current Position

Phase: 03 of 3 (sandbox aware prompting)

Plan: Not started

Status: Ready to execute

Last activity: 2026-04-10 - Completed quick task 260410-d4u: on non-nixos hosts, bwrap fails because /etc/static does not exist

Progress: [███░░░░░░░] 33%

Performance Metrics

Velocity:

| Phase 01 P01 | 1min | 2 tasks | 3 files |
| Phase 01 P02 | 1min | 2 tasks | 1 file |

Accumulated Context

Decisions

  • [Phase 01]: Claude Code provided via nix-claude-code flake (ryoppippi/nix-claude-code), not host PATH
  • [Phase 01]: readlink -f required to resolve NixOS profile symlinks to real nix store paths for bwrap visibility
  • [Phase 01]: SANDBOX_PATH built via makeBinPath in flake.nix to prevent host PATH leakage
  • [Phase 01]: SHELL set to nix store bash path, not /bin/bash (doesn't exist in tmpfs root)
  • [Phase 01]: --shell flag added for manual sandbox debugging
  • [Phase 01]: SSL cert verification failure is a host-level NixOS issue, not sandbox-specific

Pending Todos

None.

Blockers/Concerns

  • SSL cert verification fails system-wide (host + sandbox) -- NixOS/OpenSSL issue, not claudebox

Quick Tasks Completed

| # | Description | Date | Commit | Directory |
| --- | --- | --- | --- | --- |
| 260410-d4u | on non-nixos hosts, bwrap fails because /etc/static does not exist | 2026-04-10 | 97c10f8 | 260410-d4u-on-non-nixos-hosts-bwrap-fails-because-e |

Session Continuity

Last session: 2026-04-09T18:59:43.248Z

Stopped at: Phase 3 context gathered

Resume file: .planning/phases/03-sandbox-aware-prompting/03-CONTEXT.md