toph/claudebox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
claudebox/.planning/phases/03-sandbox-aware-prompting/03-DISCUSSION-LOG.md
Christopher Mühl c5e8cca867 feat(05-01): rewrite mount architecture with per-project instance isolation 
- Replace --bind ~/.claudebox + --symlink with direct --bind ~/.claude ~/.claude
- Add compute_canonical_root() function using git rev-parse --git-common-dir
- Add per-project INSTANCE_DIR via sha256sum[:16] of canonical git root
- Overlay projects/ with per-project hash dir for isolated conversation history
- Overlay history.jsonl and SANDBOX.md as file-level bind mounts
- Update credential mount target from ~/.claudebox to ~/.claude
- Add CLAUDE_JSON_FILE (~/.claude.json) detection and conditional bind mount
- Remove stale CLAUDE.md injection logic (D-06: user's real CLAUDE.md used)
- Update dry-run block and print_audit to reflect new mount layout
- Update SANDBOX.md heredoc to remove ~/.claudebox reference
2026-04-13 09:00:53 +00:00

2.6 KiB
Raw Blame History

Phase 3: Sandbox-Aware Prompting - Discussion Log

Audit trail only. Do not use as input to planning, research, or execution agents. Decisions are captured in CONTEXT.md -- this log preserves the alternatives considered.

Date: 2026-04-09 Phase: 03-sandbox-aware-prompting Areas discussed: CLAUDE.md content, Generation behavior, Template storage

CLAUDE.md Content

Tone

Option Description Selected
Terse reference Bullet points, no prose. Minimal, scannable.
Friendly guide Short prose paragraphs explaining the sandbox, restrictions, and tools.
Minimal one-liner Single paragraph, bare minimum.

User's choice: Friendly guide Notes: User noted that users might inject certain secrets themselves (e.g., personal git SSH keys), so the CLAUDE.md shouldn't confuse Claude with absolute "no SSH keys" claims.

Unavailable Section Phrasing

Option Description Selected
Default-aware phrasing "By default, these are not mounted: ..." -- accurate without contradicting customizations.
Omit unavailable section Don't list restrictions at all.
Dynamic generation Inspect mounts at launch and generate restrictions dynamically.

User's choice: Default-aware phrasing Notes: None

Git Section

Option Description Selected
Yes, brief note Mention git identity is pre-configured, suggest HTTPS for remotes.
Skip it Git just works, let Claude figure it out.

User's choice: Yes, brief note Notes: None

Generation Behavior

Context Injection Mechanism

User redirected the discussion: instead of managing CLAUDE.md directly, use a separate SANDBOX.md file with Claude Code's @path import syntax. This avoids touching user content and eliminates tool-use token overhead.

Final approach: claudebox writes SANDBOX.md (managed, overwritten each launch) and ensures CLAUDE.md has @SANDBOX.md import at top line (checked/re-added each launch).

User's insight: "We don't need to write CLAUDE.md like that at all. We can just write a separate file and add a quick reference at the top."

Template Storage

Folded into Generation behavior -- SANDBOX.md content lives as a heredoc in claudebox.sh. No separate template file needed since the two-file architecture resolved the storage question.

Claude's Discretion

  • Exact prose wording in SANDBOX.md
  • Shell implementation of first-line check
  • Comment markers around import line

Deferred Ideas

None