feat(matrix): land QA follow-ups and refresh docs
- harden Matrix onboarding/chat lifecycle after manual QA - refresh README and Matrix docs to match current behavior - add local ignores for runtime artifacts and include current planning/report docs Closes #7 Closes #9 Closes #14
parent
7fce4c9b3e
commit
6ced154124
35 changed files with 8380 additions and 67 deletions
29
bot-examples/bwrap-claude
Executable file
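--- a/bot-examples/bwrap-claude
+++ b/bot-examples/bwrap-claude
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+# Sandboxed wrapper for Claude Code using bubblewrap.
+# Restricts filesystem access: DATA_DIR is writable, system is read-only.
+#
+# Usage: bwrap-claude <claude-command> [args...]
+# bwrap-claude claude -p --verbose ...
+# bwrap-claude claude-zai -p --verbose ...
+#
+# Requires: bubblewrap (apt install bubblewrap)
+
+set -euo pipefail
+
+DATA_DIR="${DATA_DIR:?DATA_DIR must be set}"
+
+exec bwrap \
+--ro-bind / / \
+--tmpfs /tmp \
+--tmpfs /run \
+--tmpfs /root \
+--proc /proc \
+--dev /dev \
+--bind "$DATA_DIR" "$DATA_DIR" \
+--bind "$HOME/.claude" "$HOME/.claude" \
+--bind-try "$HOME/.claude-zai" "$HOME/.claude-zai" \
+--setenv HOME "$HOME" \
+--setenv DATA_DIR "$DATA_DIR" \
+--die-with-parent \
+--new-session \
+"$@"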
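Review bot: The header comment promises restricted filesystem access, but `--ro-bind / /` leaves every file the invoking user can read visible inside the sandbox; only /tmp, /run and /root are masked, so when HOME is not /root the user's SSH keys, cloud credentials and anything else under it stay readable by the wrapped command. The sandbox also keeps the host PID namespace and inherits the caller's full environment, so `--proc /proc` shows other processes of the same uid and any tokens exported to the bot process are passed straight through. I would add `--unshare-pid \` before `--proc /proc \`, mask the home directory with `--tmpfs "$HOME" \` ahead of the `--bind` lines (assuming the claude binary is not installed under HOME), and either switch to `--clearenv` with an explicit allow-list of `--setenv` entries or reword the header to say that only writes are confined. DATA_DIR is checked only for being non-empty; a value such as `/` or `$HOME` would make most of the host writable, so a guard rejecting those before the `exec` is worth adding.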