toph/claudebox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
claudebox/.planning/phases/01-minimal-viable-sandbox/01-01-SUMMARY.md
Christopher Mühl c5e8cca867 feat(05-01): rewrite mount architecture with per-project instance isolation 
- Replace --bind ~/.claudebox + --symlink with direct --bind ~/.claude ~/.claude
- Add compute_canonical_root() function using git rev-parse --git-common-dir
- Add per-project INSTANCE_DIR via sha256sum[:16] of canonical git root
- Overlay projects/ with per-project hash dir for isolated conversation history
- Overlay history.jsonl and SANDBOX.md as file-level bind mounts
- Update credential mount target from ~/.claudebox to ~/.claude
- Add CLAUDE_JSON_FILE (~/.claude.json) detection and conditional bind mount
- Remove stale CLAUDE.md injection logic (D-06: user's real CLAUDE.md used)
- Update dry-run block and print_audit to reflect new mount layout
- Update SANDBOX.md heredoc to remove ~/.claudebox reference
2026-04-13 09:00:53 +00:00

95 lines
3.5 KiB
Markdown
Raw Blame History

---
phase: 01-minimal-viable-sandbox
plan: 01
subsystem: infra
tags: [nix, bubblewrap, bwrap, sandbox, writeShellApplication, flake, comma-with-db]
requires: []
provides:
- "claudebox command via nix build/run"
- "bwrap sandbox with clearenv + env allowlist"
- "filesystem isolation with secret path hiding"
- "git identity forwarding via generated .gitconfig"
- "comma/nix tool provisioning inside sandbox"
affects: [02-verification-and-hardening]
tech-stack:
added: [bubblewrap, writeShellApplication, nix-index-database, comma-with-db]
patterns: [clearenv-allowlist, tmpfs-root-selective-bind, exec-for-signal-passthrough]
key-files:
created: [flake.nix, claudebox.sh, flake.lock]
modified: []
key-decisions:
- "Claude Code discovered from host PATH at runtime, not bundled as runtimeInput"
- "Sandbox-generated vars (TMPDIR, XDG_RUNTIME_DIR) never read from host"
- "CLAUDEBOX_EXTRA_ENV comma-separated escape hatch for user-added env vars"
patterns-established:
- "writeShellApplication + builtins.readFile: keep shell script separate for syntax highlighting and independent shellcheck"
- "clearenv + setenv: start empty, allowlist explicitly"
- "tmpfs root + selective bind-mounts: nothing visible unless explicitly mounted"
- "exec bwrap: no intermediate shell, signals propagate, exit code passes through"
requirements-completed: [SAND-01, SAND-02, SAND-03, SAND-04, SAND-05, SAND-06, SAND-07, SAND-08, SAND-09, SAND-10, SAND-11, SAND-12, SAND-13, SAND-14, SAND-15, TOOL-01, TOOL-02, TOOL-03, GIT-01, GIT-02, NIX-01, NIX-02, NIX-03, UX-06]
duration: 1min
completed: 2026-04-09
---
# Phase 1 Plan 01: Nix Flake and Sandbox Script Summary
**Nix flake with writeShellApplication producing claudebox wrapper that runs Claude Code inside bwrap with clearenv, env allowlist, tmpfs root, secret hiding, git identity forwarding, and comma/nix tool access**
## Performance
- **Duration:** ~1 min
- **Started:** 2026-04-09T09:10:55Z
- **Completed:** 2026-04-09T09:12:10Z
- **Tasks:** 2
- **Files created:** 3 (flake.nix, claudebox.sh, flake.lock)
## Accomplishments
- Nix flake with 11 runtimeInputs (bubblewrap, coreutils, git, curl, jq, ripgrep, fd, nix, comma-with-db, bash, nodejs) and nix-index-database flake input
- Shell script with complete bwrap invocation: clearenv, env allowlist with CLAUDEBOX_EXTRA_ENV escape hatch, tmpfs root, selective bind-mounts, git identity generation, secret path exclusion
- `nix build` succeeds -- derivation builds and passes shellcheck
## Task Commits
Each task was committed atomically:
1. **Task 1: Create flake.nix** - `0ed2d33` (feat)
2. **Task 2: Create claudebox.sh** - `51dba04` (feat)
3. **flake.lock generated by nix flake check** - `26bdf36` (chore)
## Files Created/Modified
- `flake.nix` - Nix flake with writeShellApplication, all runtimeInputs, nix-index-database input
- `claudebox.sh` - bwrap sandbox script with clearenv, env allowlist, filesystem isolation, git identity
- `flake.lock` - Pinned nixpkgs and nix-index-database versions
## Decisions Made
None - followed plan as specified.
## Deviations from Plan
None - plan executed exactly as written.
## Issues Encountered
None.
## User Setup Required
None - no external service configuration required.
## Next Phase Readiness
- claudebox builds successfully via `nix build`
- Ready for 01-02 (verification and manual testing)
- Requires `claude` to be available on host PATH for runtime use
## Self-Check: PASSED
All 3 files exist. All 3 commits verified.
---
*Phase: 01-minimal-viable-sandbox*
*Completed: 2026-04-09*
Reference in a new issue View git blame Copy permalink