mirror of
https://github.com/lWolvesl/claw-code.git
synced 2026-04-02 07:41:52 +08:00
2d09bf9961
This adds a small runtime sandbox policy/status layer, threads sandbox options through the bash tool, and exposes `/sandbox` status reporting in the CLI. Linux namespace/network isolation is best-effort and intentionally reported as requested vs active so the feature does not overclaim guarantees on unsupported hosts or nested container environments. Constraint: No new dependencies for isolation support Constraint: Must keep filesystem restriction claims honest unless hard mount isolation succeeds Rejected: External sandbox/container wrapper | too heavy for this workspace and request Rejected: Inline bash-only changes without shared status model | weaker testability and poorer CLI visibility Confidence: medium Scope-risk: moderate Reversibility: clean Directive: Treat this as observable best-effort isolation, not a hard security boundary, unless stronger mount enforcement is added later Tested: cargo fmt --all; cargo clippy --workspace --all-targets --all-features -- -D warnings; cargo test --workspace Not-tested: Manual `/sandbox` REPL run on a real nested-container host