Miscellaneous sandboxed third-party packages
- Nix 79%
- Go 19.1%
- Shell 1.9%
claude-code 2.1.x unconditionally wraps every Bash tool call in `bwrap --die-with-parent --unshare-pid --unshare-net …` and ignores both `sandbox.enabled: false` and `dangerouslyDisableSandbox: true` because the wrap happens before any in-app flag is consulted (anthropics/claude-code#50781, #35986, #46560 — all open as of 2026-05). Inside an outer bwrap (e.g. a QEQE workspace) the inner argv collides with the outer's binds and the call hangs.

Add a tiny shell-script `bwrap` shim at packages/claude-code/fake-bwrap.nix that strips every sandbox argument and execs the program after the `--` separator. Override the upstream `claude-code` derivation's `bubblewrap` input with the shim and expose two new attributes on the overlay:

- `claude-code.nest-safe` — base claude-code with its inner bwrap stubbed out.
- `claude-code.wrapped-nest-safe` — the same plus the depot MCP-config attached via the existing wrapped.nix helper. Drop-in replacement for `claude-code.wrapped` when running inside an outer sandbox.

Verified: builds cleanly, `claude --version` reports 2.1.123, the shim correctly skips a representative argv and execs the trailing command. MCP server sandboxing is preserved — nixpak resolves its own bubblewrap at build time, not through PATH, so the shim only intercepts claude-code's own bwrap calls.
Repository contents:
- .claude
- .forgejo
- packages
- scripts
- .gitignore
- CLAUDE.md
- flake.lock
- flake.nix
- treefmt.nix