clabox 0.2.2 → 0.3.0

package/lib/extras-Bp4DpyZP.js

@@ -0,0 +1,87 @@
+import { i as claboxSettingsDir, r as claboxMcpDir } from "./config-CY_Cf87P.js";
+import path from "node:path";
+//#region src/sandbox/extras.ts
+/**
+* Stable per-box slug used to name the materialized files. Prefers the config
+* file's basename (so `-b is-mg` → `is-mg`, matching `init`'s box name), else
+* falls back to the project dir's basename.
+*/
+function boxSlug(configFile, projectDir) {
+	if (configFile) return path.basename(configFile).replace(/\.(config\.)?(mjs|cjs|js)$/, "");
+	return path.basename(projectDir);
+}
+/**
+* Parse the inline JSON value of the last `--settings` already present in
+* `claudeArgs`, so a box's hooks can merge into it rather than clobber it: a
+* second `--settings` flag *replaces* the first (it does not deep-merge), so
+* emitting hooks in their own file would otherwise drop the existing
+* `includeCoAuthoredBy` setting. Returns `{}` when there's no `--settings` or
+* its value isn't inline JSON we can parse (e.g. a file path — extras is a pure
+* builder and can't read it; that case just loses the merge, not correctness).
+*/
+function readInlineSettings(claudeArgs) {
+	let raw = null;
+	for (let i = 0; i < claudeArgs.length - 1; i++) if (claudeArgs[i] === "--settings") raw = claudeArgs[i + 1];
+	if (!raw) return {};
+	try {
+		const parsed = JSON.parse(raw);
+		return parsed && typeof parsed === "object" && !Array.isArray(parsed) ? parsed : {};
+	} catch {
+		return {};
+	}
+}
+/**
+* Compile `config.mcp` / `config.systemPrompt` / `config.hooks` into claude args.
+*
+* All materialized files live under clabox's own home (`~/.config/clabox`, via
+* {@link claboxMcpDir} / {@link claboxSettingsDir}) — NOT the Claude `configDir`,
+* so clabox never pollutes Claude's profile dir. The sandbox profile re-grants
+* READ to just those two subdirs (after its hard `.config` deny) so the box can
+* read them; clabox writes them before launch, so no in-box write is needed.
+*
+* - MCP: written to `<claboxHome>/mcp/<slug>.json` and loaded with
+*   `--strict-mcp-config --mcp-config <file>` (global/plugin servers ignored).
+* - systemPrompt: appended inline via `--append-system-prompt` (no file —
+*   nothing to leave stale; `string[]` is joined with blank lines).
+* - hooks: merged into the inline `--settings` (see {@link readInlineSettings})
+*   and written to `<claboxHome>/settings/<slug>.json`, loaded with
+*   `--settings <file>` — which, emitted after `config.claudeArgs`, wins the
+*   last-`--settings`-takes-all race while carrying the merged result.
+*/
+function buildBoxExtras(config, slug) {
+	const claudeArgs = [];
+	const files = [];
+	const servers = config.mcp;
+	if (servers && Object.keys(servers).length > 0) {
+		const mcpFile = path.join(claboxMcpDir(), `${slug}.json`);
+		files.push({
+			path: mcpFile,
+			content: `${JSON.stringify({ mcpServers: servers }, null, 2)}\n`
+		});
+		claudeArgs.push("--strict-mcp-config", "--mcp-config", mcpFile);
+	}
+	const sp = config.systemPrompt;
+	const text = (Array.isArray(sp) ? sp.join("\n\n") : sp ?? "").trim();
+	if (text) claudeArgs.push("--append-system-prompt", text);
+	const hooks = config.hooks;
+	if (hooks && Object.keys(hooks).length > 0) {
+		const settingsFile = path.join(claboxSettingsDir(), `${slug}.json`);
+		const merged = {
+			...readInlineSettings(config.claudeArgs),
+			hooks
+		};
+		files.push({
+			path: settingsFile,
+			content: `${JSON.stringify(merged, null, 2)}\n`
+		});
+		claudeArgs.push("--settings", settingsFile);
+	}
+	return {
+		claudeArgs,
+		files
+	};
+}
+//#endregion
+export { buildBoxExtras as n, boxSlug as t };
+
+//# sourceMappingURL=extras-Bp4DpyZP.js.map

package/lib/extras-Bp4DpyZP.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"extras-Bp4DpyZP.js","names":[],"sources":["../src/sandbox/extras.ts"],"sourcesContent":["// Per-box \"extras\": compile a box's declarative `mcp` / `systemPrompt` config\n// into the claude args (and the files they reference) — so user config stays\n// pure data and clabox owns the wiring. Pure builder; callers (run.ts at launch,\n// scaffold.ts at `init`) do the actual fs writes.\n\nimport path from 'node:path';\nimport { type Config, claboxMcpDir, claboxSettingsDir } from '../utils/config.js';\n\n/** A file to materialize before launching claude (absolute path + content). */\nexport interface ExtraFile {\n  path: string;\n  content: string;\n}\n\n/** Compiled box extras: the claude args to inject + the files they reference. */\nexport interface BoxExtras {\n  /** Appended after `config.claudeArgs`, before any CLI args. */\n  claudeArgs: string[];\n  /** Files to write (under clabox's home `~/.config/clabox`, granted RO in-box). */\n  files: ExtraFile[];\n}\n\n/**\n * Stable per-box slug used to name the materialized files. Prefers the config\n * file's basename (so `-b is-mg` → `is-mg`, matching `init`'s box name), else\n * falls back to the project dir's basename.\n */\nexport function boxSlug(configFile: string | null | undefined, projectDir: string): string {\n  if (configFile) {\n    return path.basename(configFile).replace(/\\.(config\\.)?(mjs|cjs|js)$/, '');\n  }\n  return path.basename(projectDir);\n}\n\n/**\n * Parse the inline JSON value of the last `--settings` already present in\n * `claudeArgs`, so a box's hooks can merge into it rather than clobber it: a\n * second `--settings` flag *replaces* the first (it does not deep-merge), so\n * emitting hooks in their own file would otherwise drop the existing\n * `includeCoAuthoredBy` setting. Returns `{}` when there's no `--settings` or\n * its value isn't inline JSON we can parse (e.g. a file path — extras is a pure\n * builder and can't read it; that case just loses the merge, not correctness).\n */\nfunction readInlineSettings(claudeArgs: string[]): Record<string, unknown> {\n  let raw: string | null = null;\n  for (let i = 0; i < claudeArgs.length - 1; i++) {\n    if (claudeArgs[i] === '--settings') raw = claudeArgs[i + 1];\n  }\n  if (!raw) return {};\n  try {\n    const parsed = JSON.parse(raw);\n    return parsed && typeof parsed === 'object' && !Array.isArray(parsed) ? parsed : {};\n  } catch {\n    return {};\n  }\n}\n\n/**\n * Compile `config.mcp` / `config.systemPrompt` / `config.hooks` into claude args.\n *\n * All materialized files live under clabox's own home (`~/.config/clabox`, via\n * {@link claboxMcpDir} / {@link claboxSettingsDir}) — NOT the Claude `configDir`,\n * so clabox never pollutes Claude's profile dir. The sandbox profile re-grants\n * READ to just those two subdirs (after its hard `.config` deny) so the box can\n * read them; clabox writes them before launch, so no in-box write is needed.\n *\n * - MCP: written to `<claboxHome>/mcp/<slug>.json` and loaded with\n *   `--strict-mcp-config --mcp-config <file>` (global/plugin servers ignored).\n * - systemPrompt: appended inline via `--append-system-prompt` (no file —\n *   nothing to leave stale; `string[]` is joined with blank lines).\n * - hooks: merged into the inline `--settings` (see {@link readInlineSettings})\n *   and written to `<claboxHome>/settings/<slug>.json`, loaded with\n *   `--settings <file>` — which, emitted after `config.claudeArgs`, wins the\n *   last-`--settings`-takes-all race while carrying the merged result.\n */\nexport function buildBoxExtras(config: Config, slug: string): BoxExtras {\n  const claudeArgs: string[] = [];\n  const files: ExtraFile[] = [];\n\n  const servers = config.mcp;\n  if (servers && Object.keys(servers).length > 0) {\n    const mcpFile = path.join(claboxMcpDir(), `${slug}.json`);\n    files.push({\n      path: mcpFile,\n      content: `${JSON.stringify({ mcpServers: servers }, null, 2)}\\n`,\n    });\n    claudeArgs.push('--strict-mcp-config', '--mcp-config', mcpFile);\n  }\n\n  const sp = config.systemPrompt;\n  const text = (Array.isArray(sp) ? sp.join('\\n\\n') : (sp ?? '')).trim();\n  if (text) claudeArgs.push('--append-system-prompt', text);\n\n  const hooks = config.hooks;\n  if (hooks && Object.keys(hooks).length > 0) {\n    const settingsFile = path.join(claboxSettingsDir(), `${slug}.json`);\n    const merged = { ...readInlineSettings(config.claudeArgs), hooks };\n    files.push({ path: settingsFile, content: `${JSON.stringify(merged, null, 2)}\\n` });\n    claudeArgs.push('--settings', settingsFile);\n  }\n\n  return { claudeArgs, files };\n}\n"],"mappings":";;;;;;;;AA2BA,SAAgB,QAAQ,YAAuC,YAA4B;CACzF,IAAI,YACF,OAAO,KAAK,SAAS,UAAU,CAAC,CAAC,QAAQ,8BAA8B,EAAE;CAE3E,OAAO,KAAK,SAAS,UAAU;AACjC;;;;;;;;;;AAWA,SAAS,mBAAmB,YAA+C;CACzE,IAAI,MAAqB;CACzB,KAAK,IAAI,IAAI,GAAG,IAAI,WAAW,SAAS,GAAG,KACzC,IAAI,WAAW,OAAO,cAAc,MAAM,WAAW,IAAI;CAE3D,IAAI,CAAC,KAAK,OAAO,CAAC;CAClB,IAAI;EACF,MAAM,SAAS,KAAK,MAAM,GAAG;EAC7B,OAAO,UAAU,OAAO,WAAW,YAAY,CAAC,MAAM,QAAQ,MAAM,IAAI,SAAS,CAAC;CACpF,QAAQ;EACN,OAAO,CAAC;CACV;AACF;;;;;;;;;;;;;;;;;;;AAoBA,SAAgB,eAAe,QAAgB,MAAyB;CACtE,MAAM,aAAuB,CAAC;CAC9B,MAAM,QAAqB,CAAC;CAE5B,MAAM,UAAU,OAAO;CACvB,IAAI,WAAW,OAAO,KAAK,OAAO,CAAC,CAAC,SAAS,GAAG;EAC9C,MAAM,UAAU,KAAK,KAAK,aAAa,GAAG,GAAG,KAAK,MAAM;EACxD,MAAM,KAAK;GACT,MAAM;GACN,SAAS,GAAG,KAAK,UAAU,EAAE,YAAY,QAAQ,GAAG,MAAM,CAAC,EAAE;EAC/D,CAAC;EACD,WAAW,KAAK,uBAAuB,gBAAgB,OAAO;CAChE;CAEA,MAAM,KAAK,OAAO;CAClB,MAAM,QAAQ,MAAM,QAAQ,EAAE,IAAI,GAAG,KAAK,MAAM,IAAK,MAAM,GAAA,CAAK,KAAK;CACrE,IAAI,MAAM,WAAW,KAAK,0BAA0B,IAAI;CAExD,MAAM,QAAQ,OAAO;CACrB,IAAI,SAAS,OAAO,KAAK,KAAK,CAAC,CAAC,SAAS,GAAG;EAC1C,MAAM,eAAe,KAAK,KAAK,kBAAkB,GAAG,GAAG,KAAK,MAAM;EAClE,MAAM,SAAS;GAAE,GAAG,mBAAmB,OAAO,UAAU;GAAG;EAAM;EACjE,MAAM,KAAK;GAAE,MAAM;GAAc,SAAS,GAAG,KAAK,UAAU,QAAQ,MAAM,CAAC,EAAE;EAAI,CAAC;EAClF,WAAW,KAAK,cAAc,YAAY;CAC5C;CAEA,OAAO;EAAE;EAAY;CAAM;AAC7B"}

package/lib/{extras-B_dzBrCF.d.ts → extras-CITv2nRg.d.ts}

@@ -1,4 +1,4 @@
-import { i as Config } from "./config-jZAB2Zg8.js";
+import { i as Config } from "./config-1vfbPBRi.js";
 
 //#region src/sandbox/extras.d.ts
 /** A file to materialize before launching claude (absolute path + content). */
@@ -10,7 +10,7 @@ interface ExtraFile {
 interface BoxExtras {
   /** Appended after `config.claudeArgs`, before any CLI args. */
   claudeArgs: string[];
-  /** Files to write (under configDir, which the sandbox grants RW). */
+  /** Files to write (under clabox's home `~/.config/clabox`, granted RO in-box). */
   files: ExtraFile[];
 }
 /**
@@ -20,15 +20,24 @@ interface BoxExtras {
  */
 declare function boxSlug(configFile: string | null | undefined, projectDir: string): string;
 /**
- * Compile `config.mcp` / `config.systemPrompt` into claude args.
+ * Compile `config.mcp` / `config.systemPrompt` / `config.hooks` into claude args.
  *
- * - MCP: written to `<configDir>/mcp/<slug>.json` and loaded with
+ * All materialized files live under clabox's own home (`~/.config/clabox`, via
+ * {@link claboxMcpDir} / {@link claboxSettingsDir}) — NOT the Claude `configDir`,
+ * so clabox never pollutes Claude's profile dir. The sandbox profile re-grants
+ * READ to just those two subdirs (after its hard `.config` deny) so the box can
+ * read them; clabox writes them before launch, so no in-box write is needed.
+ *
+ * - MCP: written to `<claboxHome>/mcp/<slug>.json` and loaded with
  *   `--strict-mcp-config --mcp-config <file>` (global/plugin servers ignored).
- *   configDir is sandbox-RW, so the json is readable inside the box.
  * - systemPrompt: appended inline via `--append-system-prompt` (no file —
  *   nothing to leave stale; `string[]` is joined with blank lines).
+ * - hooks: merged into the inline `--settings` (see {@link readInlineSettings})
+ *   and written to `<claboxHome>/settings/<slug>.json`, loaded with
+ *   `--settings <file>` — which, emitted after `config.claudeArgs`, wins the
+ *   last-`--settings`-takes-all race while carrying the merged result.
  */
 declare function buildBoxExtras(config: Config, slug: string): BoxExtras;
 //#endregion
 export { buildBoxExtras as i, ExtraFile as n, boxSlug as r, BoxExtras as t };
-//# sourceMappingURL=extras-B_dzBrCF.d.ts.map
+//# sourceMappingURL=extras-CITv2nRg.d.ts.map

package/lib/{ghostty-DFwFh4aL.d.ts → ghostty-D8KUXOw7.d.ts}

@@ -1,4 +1,4 @@
-import { n as AppConfig } from "./config-jZAB2Zg8.js";
+import { n as AppConfig } from "./config-1vfbPBRi.js";
 
 //#region src/init/ghostty.d.ts
 /** Inputs for {@link buildGhosttyConfig} (all paths already absolute). */
@@ -40,4 +40,4 @@ declare function appBundlePath(appsDir: string, app: AppConfig): string;
 declare function bundleId(boxName: string, app: AppConfig): string;
 //#endregion
 export { buildLauncherSource as a, buildGhosttyConfig as i, appBundlePath as n, bundleId as o, buildCommand as r, GhosttyConfigOptions as t };
-//# sourceMappingURL=ghostty-DFwFh4aL.d.ts.map
+//# sourceMappingURL=ghostty-D8KUXOw7.d.ts.map

package/lib/index.d.ts

@@ -1,10 +1,11 @@
+import { S as resolveBox, _ as expandHome, a as HOME, b as loadConfig, d as PathRules, g as defaultConfig, h as configsDir, i as Config, l as LoadedConfig, n as AppConfig, r as BotConfig, t as AppBuilderConfig, u as McpServer, v as findConfigFile, x as mergeConfig, y as listBoxes } from "./config-1vfbPBRi.js";
+import { a as claboxVersion, c as resolveClaboxPackage, i as InfoData, n as FormatInfoOptions, o as formatInfo, r as GatherInfoOptions, s as gatherInfo, t as ClaboxPackage } from "./info-C0WvNVNS.js";
 import { a as buildIndex, i as buildAliasFiles, n as InitFile, o as buildWrapper, r as aliasName, t as AliasPaths } from "./aliases-BNdrOn9E.js";
-import { a as HOME, c as PathRules, d as expandHome, f as findConfigFile, g as resolveBox, h as mergeConfig, i as Config, l as configsDir, m as loadConfig, n as AppConfig, o as LoadedConfig, p as listBoxes, r as BotConfig, s as McpServer, t as AppBuilderConfig, u as defaultConfig } from "./config-jZAB2Zg8.js";
-import { i as canBuildApps, n as BuildAppResult, r as buildApp, t as BuildAppOptions } from "./app-B1djcEnN.js";
-import { a as buildLauncherSource, i as buildGhosttyConfig, n as appBundlePath, o as bundleId, r as buildCommand, t as GhosttyConfigOptions } from "./ghostty-DFwFh4aL.js";
-import { n as buildRaycastCommand, r as raycastIcon, t as RaycastCommandOptions } from "./raycast-fc5U1x7E.js";
+import { i as canBuildApps, n as BuildAppResult, r as buildApp, t as BuildAppOptions } from "./app-MIaByu-I.js";
+import { a as buildLauncherSource, i as buildGhosttyConfig, n as appBundlePath, o as bundleId, r as buildCommand, t as GhosttyConfigOptions } from "./ghostty-D8KUXOw7.js";
+import { n as buildRaycastCommand, r as raycastIcon, t as RaycastCommandOptions } from "./raycast-DuHEu0Vz.js";
 import { a as discoverProfiles, n as InitOptions, o as runInit, r as InitResult, t as BuiltApp } from "./scaffold-BiCJzELQ.js";
-import { i as buildBoxExtras, n as ExtraFile, r as boxSlug, t as BoxExtras } from "./extras-B_dzBrCF.js";
-import { a as ipcName, c as regex, i as globalName, l as subpath, n as buildProfile, o as literal, r as detectPackagePaths, s as reEscape, t as ProfileContext } from "./profile-7CiMUPu9.js";
-import { a as resolveProjectDir, i as profilePath, o as runClaude, r as generateProfile, t as RunOptions } from "./run-BWGDNJiY.js";
-export { type AliasPaths, type AppBuilderConfig, type AppConfig, type BotConfig, type BoxExtras, type BuildAppOptions, type BuildAppResult, type BuiltApp, type Config, type ExtraFile, type GhosttyConfigOptions, HOME, type InitFile, type InitOptions, type InitResult, type LoadedConfig, type McpServer, type PathRules, type ProfileContext, type RaycastCommandOptions, type RunOptions, aliasName, appBundlePath, boxSlug, buildAliasFiles, buildApp, buildBoxExtras, buildCommand, buildGhosttyConfig, buildIndex, buildLauncherSource, buildProfile, buildRaycastCommand, buildWrapper, bundleId, canBuildApps, configsDir, defaultConfig, detectPackagePaths, discoverProfiles, expandHome, findConfigFile, generateProfile, globalName, ipcName, listBoxes, literal, loadConfig, mergeConfig, profilePath, raycastIcon, reEscape, regex, resolveBox, resolveProjectDir, runClaude, runInit, subpath };
+import { i as buildBoxExtras, n as ExtraFile, r as boxSlug, t as BoxExtras } from "./extras-CITv2nRg.js";
+import { a as ipcName, c as regex, i as globalName, n as buildProfile, o as literal, r as detectPackagePaths, s as reEscape, t as ProfileContext, u as subpath } from "./profile-Bzq0Y4PI.js";
+import { a as resolveProjectDir, i as profilePath, o as runClaude, r as generateProfile, s as which, t as RunOptions } from "./run-gag6YjI9.js";
+export { type AliasPaths, type AppBuilderConfig, type AppConfig, type BotConfig, type BoxExtras, type BuildAppOptions, type BuildAppResult, type BuiltApp, type ClaboxPackage, type Config, type ExtraFile, type FormatInfoOptions, type GatherInfoOptions, type GhosttyConfigOptions, HOME, type InfoData, type InitFile, type InitOptions, type InitResult, type LoadedConfig, type McpServer, type PathRules, type ProfileContext, type RaycastCommandOptions, type RunOptions, aliasName, appBundlePath, boxSlug, buildAliasFiles, buildApp, buildBoxExtras, buildCommand, buildGhosttyConfig, buildIndex, buildLauncherSource, buildProfile, buildRaycastCommand, buildWrapper, bundleId, canBuildApps, claboxVersion, configsDir, defaultConfig, detectPackagePaths, discoverProfiles, expandHome, findConfigFile, formatInfo, gatherInfo, generateProfile, globalName, ipcName, listBoxes, literal, loadConfig, mergeConfig, profilePath, raycastIcon, reEscape, regex, resolveBox, resolveClaboxPackage, resolveProjectDir, runClaude, runInit, subpath, which };

package/lib/index.js

@@ -1,10 +1,11 @@
-import { a as findConfigFile, c as mergeConfig, i as expandHome, l as resolveBox, n as configsDir, o as listBoxes, r as defaultConfig, s as loadConfig, t as HOME } from "./config-BQ44iVWT.js";
-import { n as buildBoxExtras, t as boxSlug } from "./extras-B2ss2Cgh.js";
+import { a as configsDir, c as findConfigFile, d as mergeConfig, f as resolveBox, l as listBoxes, o as defaultConfig, s as expandHome, t as HOME, u as loadConfig } from "./config-CY_Cf87P.js";
+import { n as buildBoxExtras, t as boxSlug } from "./extras-Bp4DpyZP.js";
+import { a as literal, i as ipcName, l as subpath, n as detectPackagePaths, o as reEscape, r as globalName, s as regex, t as buildProfile } from "./profile-1oytMVlE.js";
+import { a as runClaude, i as resolveProjectDir, n as generateProfile, o as which, r as profilePath } from "./run-9vQC2fCs.js";
+import { i as resolveClaboxPackage, n as formatInfo, r as gatherInfo, t as claboxVersion } from "./info-BRlaIckk.js";
 import { i as buildWrapper, n as buildAliasFiles, r as buildIndex, t as aliasName } from "./aliases-KGjds7dK.js";
 import { a as bundleId, i as buildLauncherSource, n as buildCommand, r as buildGhosttyConfig, t as appBundlePath } from "./ghostty-Dw4QLyl-.js";
-import { n as canBuildApps, t as buildApp } from "./app-ChnKbgkD.js";
+import { n as canBuildApps, t as buildApp } from "./app-CuEM7S0i.js";
 import { n as raycastIcon, t as buildRaycastCommand } from "./raycast-BCdO2Se1.js";
-import { n as discoverProfiles, r as runInit } from "./scaffold-BdvCQVid.js";
-import { a as literal, c as subpath, i as ipcName, n as detectPackagePaths, o as reEscape, r as globalName, s as regex, t as buildProfile } from "./profile-DM6NAgb-.js";
-import { a as runClaude, i as resolveProjectDir, n as generateProfile, r as profilePath } from "./run-yUsOaKFx.js";
-export { HOME, aliasName, appBundlePath, boxSlug, buildAliasFiles, buildApp, buildBoxExtras, buildCommand, buildGhosttyConfig, buildIndex, buildLauncherSource, buildProfile, buildRaycastCommand, buildWrapper, bundleId, canBuildApps, configsDir, defaultConfig, detectPackagePaths, discoverProfiles, expandHome, findConfigFile, generateProfile, globalName, ipcName, listBoxes, literal, loadConfig, mergeConfig, profilePath, raycastIcon, reEscape, regex, resolveBox, resolveProjectDir, runClaude, runInit, subpath };
+import { n as discoverProfiles, r as runInit } from "./scaffold-DiG5q28w.js";
+export { HOME, aliasName, appBundlePath, boxSlug, buildAliasFiles, buildApp, buildBoxExtras, buildCommand, buildGhosttyConfig, buildIndex, buildLauncherSource, buildProfile, buildRaycastCommand, buildWrapper, bundleId, canBuildApps, claboxVersion, configsDir, defaultConfig, detectPackagePaths, discoverProfiles, expandHome, findConfigFile, formatInfo, gatherInfo, generateProfile, globalName, ipcName, listBoxes, literal, loadConfig, mergeConfig, profilePath, raycastIcon, reEscape, regex, resolveBox, resolveClaboxPackage, resolveProjectDir, runClaude, runInit, subpath, which };

package/lib/info/info.d.ts

@@ -0,0 +1,2 @@
+import { a as claboxVersion, c as resolveClaboxPackage, i as InfoData, n as FormatInfoOptions, o as formatInfo, r as GatherInfoOptions, s as gatherInfo, t as ClaboxPackage } from "../info-C0WvNVNS.js";
+export { ClaboxPackage, FormatInfoOptions, GatherInfoOptions, InfoData, claboxVersion, formatInfo, gatherInfo, resolveClaboxPackage };

package/lib/info/info.js

@@ -0,0 +1,2 @@
+import { i as resolveClaboxPackage, n as formatInfo, r as gatherInfo, t as claboxVersion } from "../info-BRlaIckk.js";
+export { claboxVersion, formatInfo, gatherInfo, resolveClaboxPackage };

package/lib/info-BRlaIckk.js

@@ -0,0 +1,176 @@
+import { s as expandHome, t as HOME } from "./config-CY_Cf87P.js";
+import { n as buildBoxExtras, t as boxSlug } from "./extras-Bp4DpyZP.js";
+import { i as resolveProjectDir, o as which, r as profilePath } from "./run-9vQC2fCs.js";
+import path from "node:path";
+import fs from "node:fs";
+import { fileURLToPath } from "node:url";
+//#region src/info/info.ts
+/**
+* Locate clabox's own package.json by walking up from this module. A relative
+* `../../package.json` is unreliable because the bundler hoists shared code into
+* hashed chunks at an unpredictable depth (`lib/info-<hash>.js`), so the literal
+* `..` count no longer matches the source tree. Walking up until we hit the
+* package.json whose `name` is `clabox` survives every layout: the source tree
+* (`src/info/`), the built tree (`lib/`, `lib/<chunk>.js`) and an installed
+* `node_modules/clabox/`.
+*/
+function resolveClaboxPackage() {
+	let dir = path.dirname(fileURLToPath(import.meta.url));
+	for (let i = 0; i < 8; i++) {
+		try {
+			const pkg = JSON.parse(fs.readFileSync(path.join(dir, "package.json"), "utf8"));
+			if (pkg.name === "clabox") return {
+				root: dir,
+				version: pkg.version ?? "unknown"
+			};
+		} catch {}
+		const parent = path.dirname(dir);
+		if (parent === dir) break;
+		dir = parent;
+	}
+	return {
+		root: null,
+		version: "unknown"
+	};
+}
+/** clabox's own version (best-effort; `'unknown'` if it can't be located). */
+function claboxVersion() {
+	return resolveClaboxPackage().version;
+}
+/** Env vars clabox itself reads (shown verbatim in the `[env]` section). */
+const TRACKED_ENV = [
+	"CLAUDE_CONFIG_DIR",
+	"CLABOX_CONFIG",
+	"CLABOX_CONFIGS_DIR",
+	"CLABOX_CWD",
+	"CLABOX_CLAUDE_BIN",
+	"CLABOX_DEBUG"
+];
+/** Snapshot the effective config + runtime resolution into an {@link InfoData}. */
+function gatherInfo(config, opts = {}) {
+	const projectDir = resolveProjectDir(config);
+	const slug = boxSlug(opts.configFile, projectDir);
+	const extras = buildBoxExtras(config, slug);
+	const profileFile = profilePath(projectDir);
+	const claudeBin = config.claudeBin ?? which("claude");
+	const pkg = resolveClaboxPackage();
+	const processEnv = TRACKED_ENV.filter((k) => process.env[k] != null).map((k) => `${k}=${process.env[k]}`);
+	return {
+		name: "clabox",
+		version: pkg.version,
+		description: "Run Claude Code in a sandbox for super-safe YOLO mode",
+		node: process.version,
+		nodeBin: process.execPath,
+		platform: process.platform,
+		claboxBin: process.argv[1] ?? which("clabox"),
+		claboxRoot: pkg.root,
+		claudeBin,
+		sandboxExec: which("sandbox-exec"),
+		box: opts.box ?? null,
+		slug,
+		projectDir,
+		profileFile,
+		profileExists: fs.existsSync(profileFile),
+		configFile: opts.configFile ?? null,
+		configDir: expandHome(config.configDir),
+		network: config.network,
+		ulimitProcs: config.ulimitProcs,
+		claudeArgs: config.claudeArgs,
+		mcpServers: Object.keys(config.mcp ?? {}),
+		hasSystemPrompt: Boolean((Array.isArray(config.systemPrompt) ? config.systemPrompt.join("") : config.systemPrompt ?? "").trim()),
+		hookEvents: Object.keys(config.hooks ?? {}),
+		bot: config.bot,
+		paths: config.paths,
+		denyHome: config.denyHome,
+		denyDotConfigs: config.denyDotConfigs,
+		env: Object.entries(config.env ?? {}).map(([k, v]) => `${k}=${v}`),
+		extraArgs: extras.claudeArgs,
+		extraFiles: extras.files.map((f) => f.path),
+		processEnv
+	};
+}
+const LABEL_WIDTH = 16;
+const ANSI = {
+	reset: "\x1B[0m",
+	bold: "\x1B[1m",
+	dim: "\x1B[2m",
+	cyan: "\x1B[36m",
+	yellow: "\x1B[33m"
+};
+/** `~`-collapse a path under $HOME for compact display (best-effort). */
+function tildify(p) {
+	return p.startsWith(HOME) ? `~${p.slice(HOME.length)}` : p;
+}
+/** Collapse newlines and cap length so a long/multiline arg stays one row. */
+function oneLine(s, max = 72) {
+	const flat = s.replace(/\s+/g, " ").trim();
+	return flat.length > max ? `${flat.slice(0, max - 1)}…` : flat;
+}
+/**
+* Render an {@link InfoData} into the human-readable `clabox info` report.
+* Pure: pass `{ color: true }` for ANSI styling (the CLI keys this off a TTY),
+* leave it off for plain text (tests, pipes).
+*/
+function formatInfo(d, { color = false } = {}) {
+	const paint = (code, s) => color ? `${code}${s}${ANSI.reset}` : s;
+	const dimIfEmpty = (v) => /^(-|\(.*\))$/.test(v) ? paint(ANSI.dim, v) : v;
+	const lines = [];
+	const header = (title, note = "") => {
+		lines.push("", paint(ANSI.bold, `[${title}]`) + (note ? paint(ANSI.dim, `  ${note}`) : ""));
+	};
+	const row = (label, value) => {
+		const raw = value === null || value === void 0 || value === "" ? "-" : String(value);
+		lines.push(`  ${paint(ANSI.cyan, label.padEnd(LABEL_WIDTH))}${dimIfEmpty(raw)}`);
+	};
+	const listRows = (label, values) => {
+		if (values.length === 0) {
+			row(label, "-");
+			return;
+		}
+		values.forEach((v, i) => {
+			row(i === 0 ? label : "", v);
+		});
+	};
+	lines.push(paint(ANSI.bold, `${d.name} v${d.version}`) + paint(ANSI.dim, ` — ${d.description}`));
+	header("clabox");
+	row("version", d.version);
+	row("claboxBin", d.claboxBin ?? "(unknown)");
+	row("claboxRoot", d.claboxRoot ? tildify(d.claboxRoot) : "(unknown)");
+	row("node", `${d.node} (${tildify(d.nodeBin)})`);
+	row("platform", d.platform);
+	row("claudeBin", d.claudeBin ? tildify(d.claudeBin) : paint(ANSI.yellow, "not found"));
+	row("sandbox-exec", d.sandboxExec ?? paint(ANSI.yellow, "not found (macOS only)"));
+	header("box");
+	row("box", d.box ?? "(none)");
+	row("slug", d.slug);
+	row("project", tildify(d.projectDir));
+	const builtNote = d.profileExists ? "" : paint(ANSI.dim, " (not built)");
+	row("profile", tildify(d.profileFile) + builtNote);
+	header("config");
+	row("configFile", d.configFile ? tildify(d.configFile) : "(defaults — no file)");
+	row("configDir", tildify(d.configDir));
+	row("network", d.network);
+	row("ulimitProcs", d.ulimitProcs || "(off)");
+	row("bot", `${d.bot.name} <${d.bot.email}>`);
+	row("mcp", d.mcpServers.join(", ") || "(none)");
+	row("systemPrompt", d.hasSystemPrompt ? "(set)" : "(none)");
+	row("hooks", d.hookEvents.join(", ") || "(none)");
+	listRows("claudeArgs", d.claudeArgs);
+	listRows("readWrite", d.paths.readWrite);
+	listRows("readOnly", d.paths.readOnly);
+	listRows("exec", d.paths.exec);
+	listRows("deny", d.paths.deny);
+	row("denyHome", d.denyHome.join(", ") || "(none)");
+	row("denyDotConfigs", d.denyDotConfigs.join(", ") || "(none)");
+	listRows("env", d.env);
+	header("extras", "compiled from this box: mcp / systemPrompt / hooks");
+	listRows("args", d.extraArgs.map((a) => oneLine(a)));
+	listRows("files", d.extraFiles.map(tildify));
+	header("env", "clabox-relevant vars in the environment");
+	listRows("", d.processEnv);
+	return lines.join("\n");
+}
+//#endregion
+export { resolveClaboxPackage as i, formatInfo as n, gatherInfo as r, claboxVersion as t };
+
+//# sourceMappingURL=info-BRlaIckk.js.map

package/lib/info-BRlaIckk.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"info-BRlaIckk.js","names":[],"sources":["../src/info/info.ts"],"sourcesContent":["// `clabox info` — introspection: who clabox is, what it resolved, and how the\n// effective config / box would launch claude. Mirrors the pure/I-O split used\n// elsewhere: `gatherInfo` does the I/O (resolve bins, read package.json, probe\n// the env), `formatInfo` is a pure text builder (unit-tested without touching\n// the filesystem).\n\nimport fs from 'node:fs';\nimport path from 'node:path';\nimport { fileURLToPath } from 'node:url';\nimport { boxSlug, buildBoxExtras } from '../sandbox/extras.js';\nimport { profilePath, resolveProjectDir, which } from '../sandbox/run.js';\nimport { type BotConfig, type Config, expandHome, HOME, type PathRules } from '../utils/config.js';\n\n/** clabox's own package: the install root + version, located at runtime. */\nexport interface ClaboxPackage {\n  /** Directory that holds clabox's package.json (its install root). */\n  root: string | null;\n  version: string;\n}\n\n/**\n * Locate clabox's own package.json by walking up from this module. A relative\n * `../../package.json` is unreliable because the bundler hoists shared code into\n * hashed chunks at an unpredictable depth (`lib/info-<hash>.js`), so the literal\n * `..` count no longer matches the source tree. Walking up until we hit the\n * package.json whose `name` is `clabox` survives every layout: the source tree\n * (`src/info/`), the built tree (`lib/`, `lib/<chunk>.js`) and an installed\n * `node_modules/clabox/`.\n */\nexport function resolveClaboxPackage(): ClaboxPackage {\n  let dir = path.dirname(fileURLToPath(import.meta.url));\n  for (let i = 0; i < 8; i++) {\n    try {\n      const pkg = JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8'));\n      if (pkg.name === 'clabox') return { root: dir, version: pkg.version ?? 'unknown' };\n    } catch {\n      // no/unreadable package.json here — keep climbing.\n    }\n    const parent = path.dirname(dir);\n    if (parent === dir) break; // reached the filesystem root\n    dir = parent;\n  }\n  return { root: null, version: 'unknown' };\n}\n\n/** clabox's own version (best-effort; `'unknown'` if it can't be located). */\nexport function claboxVersion(): string {\n  return resolveClaboxPackage().version;\n}\n\n/** Everything `formatInfo` needs — a plain, serializable snapshot (no I/O). */\nexport interface InfoData {\n  name: string;\n  version: string;\n  description: string;\n  /** Node runtime version (`process.version`). */\n  node: string;\n  /** Node executable that's running clabox (`process.execPath`). */\n  nodeBin: string;\n  platform: string;\n  /** Path to the clabox entry actually running (`process.argv[1]`), null if unknown. */\n  claboxBin: string | null;\n  /** clabox's install root (dir of its package.json), null if it can't be found. */\n  claboxRoot: string | null;\n  /** Resolved `claude` binary (config → PATH → ~/.local/bin), null if absent. */\n  claudeBin: string | null;\n  /** Resolved `sandbox-exec` (this machine can sandbox iff non-null). */\n  sandboxExec: string | null;\n  /** Named box (`-b <name>`), null when none. */\n  box: string | null;\n  /** Per-box slug used to name the materialized mcp/settings files. */\n  slug: string;\n  /** Dir claude runs in and that's granted RW as the project. */\n  projectDir: string;\n  /** Deterministic profile path for {@link InfoData.projectDir}. */\n  profileFile: string;\n  /** Whether the profile has been generated already. */\n  profileExists: boolean;\n  /** Config file the effective config came from, null → built-in defaults. */\n  configFile: string | null;\n  /** Expanded `config.configDir` (Claude's profile dir). */\n  configDir: string;\n  network: boolean;\n  ulimitProcs: number;\n  claudeArgs: string[];\n  /** Per-box MCP server names (keys of `config.mcp`). */\n  mcpServers: string[];\n  /** Whether a per-box `systemPrompt` is set. */\n  hasSystemPrompt: boolean;\n  /** Per-box hook event names (keys of `config.hooks`). */\n  hookEvents: string[];\n  bot: BotConfig;\n  paths: PathRules;\n  denyHome: string[];\n  denyDotConfigs: string[];\n  /** Forced extra env (`config.env`) as `KEY=VALUE` strings. */\n  env: string[];\n  /** claude args compiled from this box's mcp/systemPrompt/hooks. */\n  extraArgs: string[];\n  /** Files the extras reference (mcp/settings json under ~/.config/clabox). */\n  extraFiles: string[];\n  /** clabox-relevant vars present in the process env (`KEY=VALUE`). */\n  processEnv: string[];\n}\n\n/** Env vars clabox itself reads (shown verbatim in the `[env]` section). */\nconst TRACKED_ENV = [\n  'CLAUDE_CONFIG_DIR',\n  'CLABOX_CONFIG',\n  'CLABOX_CONFIGS_DIR',\n  'CLABOX_CWD',\n  'CLABOX_CLAUDE_BIN',\n  'CLABOX_DEBUG',\n];\n\n/** Options for {@link gatherInfo}. */\nexport interface GatherInfoOptions {\n  configFile?: string | null;\n  box?: string | null;\n}\n\n/** Snapshot the effective config + runtime resolution into an {@link InfoData}. */\nexport function gatherInfo(config: Config, opts: GatherInfoOptions = {}): InfoData {\n  const projectDir = resolveProjectDir(config);\n  const slug = boxSlug(opts.configFile, projectDir);\n  const extras = buildBoxExtras(config, slug);\n  const profileFile = profilePath(projectDir);\n  const claudeBin = config.claudeBin ?? which('claude');\n  const pkg = resolveClaboxPackage();\n\n  const processEnv = TRACKED_ENV.filter((k) => process.env[k] != null).map(\n    (k) => `${k}=${process.env[k]}`,\n  );\n\n  return {\n    name: 'clabox',\n    version: pkg.version,\n    description: 'Run Claude Code in a sandbox for super-safe YOLO mode',\n    node: process.version,\n    nodeBin: process.execPath,\n    platform: process.platform,\n    claboxBin: process.argv[1] ?? which('clabox'),\n    claboxRoot: pkg.root,\n    claudeBin,\n    sandboxExec: which('sandbox-exec'),\n    box: opts.box ?? null,\n    slug,\n    projectDir,\n    profileFile,\n    profileExists: fs.existsSync(profileFile),\n    configFile: opts.configFile ?? null,\n    configDir: expandHome(config.configDir),\n    network: config.network,\n    ulimitProcs: config.ulimitProcs,\n    claudeArgs: config.claudeArgs,\n    mcpServers: Object.keys(config.mcp ?? {}),\n    hasSystemPrompt: Boolean(\n      (Array.isArray(config.systemPrompt)\n        ? config.systemPrompt.join('')\n        : (config.systemPrompt ?? '')\n      ).trim(),\n    ),\n    hookEvents: Object.keys(config.hooks ?? {}),\n    bot: config.bot,\n    paths: config.paths,\n    denyHome: config.denyHome,\n    denyDotConfigs: config.denyDotConfigs,\n    env: Object.entries(config.env ?? {}).map(([k, v]) => `${k}=${v}`),\n    extraArgs: extras.claudeArgs,\n    extraFiles: extras.files.map((f) => f.path),\n    processEnv,\n  };\n}\n\nconst LABEL_WIDTH = 16;\n\nconst ANSI = {\n  reset: '\\x1b[0m',\n  bold: '\\x1b[1m',\n  dim: '\\x1b[2m',\n  cyan: '\\x1b[36m',\n  yellow: '\\x1b[33m',\n} as const;\n\n/** `~`-collapse a path under $HOME for compact display (best-effort). */\nfunction tildify(p: string): string {\n  return p.startsWith(HOME) ? `~${p.slice(HOME.length)}` : p;\n}\n\n/** Collapse newlines and cap length so a long/multiline arg stays one row. */\nfunction oneLine(s: string, max = 72): string {\n  const flat = s.replace(/\\s+/g, ' ').trim();\n  return flat.length > max ? `${flat.slice(0, max - 1)}…` : flat;\n}\n\n/** Options for {@link formatInfo}. */\nexport interface FormatInfoOptions {\n  /** Wrap headers/labels/placeholders in ANSI colors. Default: false. */\n  color?: boolean;\n}\n\n/**\n * Render an {@link InfoData} into the human-readable `clabox info` report.\n * Pure: pass `{ color: true }` for ANSI styling (the CLI keys this off a TTY),\n * leave it off for plain text (tests, pipes).\n */\nexport function formatInfo(d: InfoData, { color = false }: FormatInfoOptions = {}): string {\n  const paint = (code: string, s: string): string => (color ? `${code}${s}${ANSI.reset}` : s);\n  // Empty/placeholder values (`-`, `(none)`, …) read as dim; everything else plain.\n  const dimIfEmpty = (v: string): string => (/^(-|\\(.*\\))$/.test(v) ? paint(ANSI.dim, v) : v);\n\n  const lines: string[] = [];\n  const header = (title: string, note = ''): void => {\n    lines.push('', paint(ANSI.bold, `[${title}]`) + (note ? paint(ANSI.dim, `  ${note}`) : ''));\n  };\n  const row = (label: string, value: string | number | boolean | null | undefined): void => {\n    const raw = value === null || value === undefined || value === '' ? '-' : String(value);\n    lines.push(`  ${paint(ANSI.cyan, label.padEnd(LABEL_WIDTH))}${dimIfEmpty(raw)}`);\n  };\n  // One labeled line per value (label only on the first); `-` when empty.\n  const listRows = (label: string, values: string[]): void => {\n    if (values.length === 0) {\n      row(label, '-');\n      return;\n    }\n    values.forEach((v, i) => {\n      row(i === 0 ? label : '', v);\n    });\n  };\n\n  lines.push(paint(ANSI.bold, `${d.name} v${d.version}`) + paint(ANSI.dim, ` — ${d.description}`));\n\n  header('clabox');\n  row('version', d.version);\n  row('claboxBin', d.claboxBin ?? '(unknown)');\n  row('claboxRoot', d.claboxRoot ? tildify(d.claboxRoot) : '(unknown)');\n  row('node', `${d.node} (${tildify(d.nodeBin)})`);\n  row('platform', d.platform);\n  row('claudeBin', d.claudeBin ? tildify(d.claudeBin) : paint(ANSI.yellow, 'not found'));\n  row('sandbox-exec', d.sandboxExec ?? paint(ANSI.yellow, 'not found (macOS only)'));\n\n  header('box');\n  row('box', d.box ?? '(none)');\n  row('slug', d.slug);\n  row('project', tildify(d.projectDir));\n  const builtNote = d.profileExists ? '' : paint(ANSI.dim, ' (not built)');\n  row('profile', tildify(d.profileFile) + builtNote);\n\n  header('config');\n  row('configFile', d.configFile ? tildify(d.configFile) : '(defaults — no file)');\n  row('configDir', tildify(d.configDir));\n  row('network', d.network);\n  row('ulimitProcs', d.ulimitProcs || '(off)');\n  row('bot', `${d.bot.name} <${d.bot.email}>`);\n  row('mcp', d.mcpServers.join(', ') || '(none)');\n  row('systemPrompt', d.hasSystemPrompt ? '(set)' : '(none)');\n  row('hooks', d.hookEvents.join(', ') || '(none)');\n  listRows('claudeArgs', d.claudeArgs);\n  listRows('readWrite', d.paths.readWrite);\n  listRows('readOnly', d.paths.readOnly);\n  listRows('exec', d.paths.exec);\n  listRows('deny', d.paths.deny);\n  row('denyHome', d.denyHome.join(', ') || '(none)');\n  row('denyDotConfigs', d.denyDotConfigs.join(', ') || '(none)');\n  listRows('env', d.env);\n\n  header('extras', 'compiled from this box: mcp / systemPrompt / hooks');\n  listRows(\n    'args',\n    d.extraArgs.map((a) => oneLine(a)),\n  );\n  listRows('files', d.extraFiles.map(tildify));\n\n  header('env', 'clabox-relevant vars in the environment');\n  listRows('', d.processEnv);\n\n  return lines.join('\\n');\n}\n"],"mappings":";;;;;;;;;;;;;;;;AA6BA,SAAgB,uBAAsC;CACpD,IAAI,MAAM,KAAK,QAAQ,cAAc,OAAO,KAAK,GAAG,CAAC;CACrD,KAAK,IAAI,IAAI,GAAG,IAAI,GAAG,KAAK;EAC1B,IAAI;GACF,MAAM,MAAM,KAAK,MAAM,GAAG,aAAa,KAAK,KAAK,KAAK,cAAc,GAAG,MAAM,CAAC;GAC9E,IAAI,IAAI,SAAS,UAAU,OAAO;IAAE,MAAM;IAAK,SAAS,IAAI,WAAW;GAAU;EACnF,QAAQ,CAER;EACA,MAAM,SAAS,KAAK,QAAQ,GAAG;EAC/B,IAAI,WAAW,KAAK;EACpB,MAAM;CACR;CACA,OAAO;EAAE,MAAM;EAAM,SAAS;CAAU;AAC1C;;AAGA,SAAgB,gBAAwB;CACtC,OAAO,qBAAqB,CAAC,CAAC;AAChC;;AA0DA,MAAM,cAAc;CAClB;CACA;CACA;CACA;CACA;CACA;AACF;;AASA,SAAgB,WAAW,QAAgB,OAA0B,CAAC,GAAa;CACjF,MAAM,aAAa,kBAAkB,MAAM;CAC3C,MAAM,OAAO,QAAQ,KAAK,YAAY,UAAU;CAChD,MAAM,SAAS,eAAe,QAAQ,IAAI;CAC1C,MAAM,cAAc,YAAY,UAAU;CAC1C,MAAM,YAAY,OAAO,aAAa,MAAM,QAAQ;CACpD,MAAM,MAAM,qBAAqB;CAEjC,MAAM,aAAa,YAAY,QAAQ,MAAM,QAAQ,IAAI,MAAM,IAAI,CAAC,CAAC,KAClE,MAAM,GAAG,EAAE,GAAG,QAAQ,IAAI,IAC7B;CAEA,OAAO;EACL,MAAM;EACN,SAAS,IAAI;EACb,aAAa;EACb,MAAM,QAAQ;EACd,SAAS,QAAQ;EACjB,UAAU,QAAQ;EAClB,WAAW,QAAQ,KAAK,MAAM,MAAM,QAAQ;EAC5C,YAAY,IAAI;EAChB;EACA,aAAa,MAAM,cAAc;EACjC,KAAK,KAAK,OAAO;EACjB;EACA;EACA;EACA,eAAe,GAAG,WAAW,WAAW;EACxC,YAAY,KAAK,cAAc;EAC/B,WAAW,WAAW,OAAO,SAAS;EACtC,SAAS,OAAO;EAChB,aAAa,OAAO;EACpB,YAAY,OAAO;EACnB,YAAY,OAAO,KAAK,OAAO,OAAO,CAAC,CAAC;EACxC,iBAAiB,SACd,MAAM,QAAQ,OAAO,YAAY,IAC9B,OAAO,aAAa,KAAK,EAAE,IAC1B,OAAO,gBAAgB,GAAA,CAC1B,KAAK,CACT;EACA,YAAY,OAAO,KAAK,OAAO,SAAS,CAAC,CAAC;EAC1C,KAAK,OAAO;EACZ,OAAO,OAAO;EACd,UAAU,OAAO;EACjB,gBAAgB,OAAO;EACvB,KAAK,OAAO,QAAQ,OAAO,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,OAAO,GAAG,EAAE,GAAG,GAAG;EACjE,WAAW,OAAO;EAClB,YAAY,OAAO,MAAM,KAAK,MAAM,EAAE,IAAI;EAC1C;CACF;AACF;AAEA,MAAM,cAAc;AAEpB,MAAM,OAAO;CACX,OAAO;CACP,MAAM;CACN,KAAK;CACL,MAAM;CACN,QAAQ;AACV;;AAGA,SAAS,QAAQ,GAAmB;CAClC,OAAO,EAAE,WAAW,IAAI,IAAI,IAAI,EAAE,MAAM,KAAK,MAAM,MAAM;AAC3D;;AAGA,SAAS,QAAQ,GAAW,MAAM,IAAY;CAC5C,MAAM,OAAO,EAAE,QAAQ,QAAQ,GAAG,CAAC,CAAC,KAAK;CACzC,OAAO,KAAK,SAAS,MAAM,GAAG,KAAK,MAAM,GAAG,MAAM,CAAC,EAAE,KAAK;AAC5D;;;;;;AAaA,SAAgB,WAAW,GAAa,EAAE,QAAQ,UAA6B,CAAC,GAAW;CACzF,MAAM,SAAS,MAAc,MAAuB,QAAQ,GAAG,OAAO,IAAI,KAAK,UAAU;CAEzF,MAAM,cAAc,MAAuB,eAAe,KAAK,CAAC,IAAI,MAAM,KAAK,KAAK,CAAC,IAAI;CAEzF,MAAM,QAAkB,CAAC;CACzB,MAAM,UAAU,OAAe,OAAO,OAAa;EACjD,MAAM,KAAK,IAAI,MAAM,KAAK,MAAM,IAAI,MAAM,EAAE,KAAK,OAAO,MAAM,KAAK,KAAK,KAAK,MAAM,IAAI,GAAG;CAC5F;CACA,MAAM,OAAO,OAAe,UAA8D;EACxF,MAAM,MAAM,UAAU,QAAQ,UAAU,KAAA,KAAa,UAAU,KAAK,MAAM,OAAO,KAAK;EACtF,MAAM,KAAK,KAAK,MAAM,KAAK,MAAM,MAAM,OAAO,WAAW,CAAC,IAAI,WAAW,GAAG,GAAG;CACjF;CAEA,MAAM,YAAY,OAAe,WAA2B;EAC1D,IAAI,OAAO,WAAW,GAAG;GACvB,IAAI,OAAO,GAAG;GACd;EACF;EACA,OAAO,SAAS,GAAG,MAAM;GACvB,IAAI,MAAM,IAAI,QAAQ,IAAI,CAAC;EAC7B,CAAC;CACH;CAEA,MAAM,KAAK,MAAM,KAAK,MAAM,GAAG,EAAE,KAAK,IAAI,EAAE,SAAS,IAAI,MAAM,KAAK,KAAK,MAAM,EAAE,aAAa,CAAC;CAE/F,OAAO,QAAQ;CACf,IAAI,WAAW,EAAE,OAAO;CACxB,IAAI,aAAa,EAAE,aAAa,WAAW;CAC3C,IAAI,cAAc,EAAE,aAAa,QAAQ,EAAE,UAAU,IAAI,WAAW;CACpE,IAAI,QAAQ,GAAG,EAAE,KAAK,IAAI,QAAQ,EAAE,OAAO,EAAE,EAAE;CAC/C,IAAI,YAAY,EAAE,QAAQ;CAC1B,IAAI,aAAa,EAAE,YAAY,QAAQ,EAAE,SAAS,IAAI,MAAM,KAAK,QAAQ,WAAW,CAAC;CACrF,IAAI,gBAAgB,EAAE,eAAe,MAAM,KAAK,QAAQ,wBAAwB,CAAC;CAEjF,OAAO,KAAK;CACZ,IAAI,OAAO,EAAE,OAAO,QAAQ;CAC5B,IAAI,QAAQ,EAAE,IAAI;CAClB,IAAI,WAAW,QAAQ,EAAE,UAAU,CAAC;CACpC,MAAM,YAAY,EAAE,gBAAgB,KAAK,MAAM,KAAK,KAAK,cAAc;CACvE,IAAI,WAAW,QAAQ,EAAE,WAAW,IAAI,SAAS;CAEjD,OAAO,QAAQ;CACf,IAAI,cAAc,EAAE,aAAa,QAAQ,EAAE,UAAU,IAAI,sBAAsB;CAC/E,IAAI,aAAa,QAAQ,EAAE,SAAS,CAAC;CACrC,IAAI,WAAW,EAAE,OAAO;CACxB,IAAI,eAAe,EAAE,eAAe,OAAO;CAC3C,IAAI,OAAO,GAAG,EAAE,IAAI,KAAK,IAAI,EAAE,IAAI,MAAM,EAAE;CAC3C,IAAI,OAAO,EAAE,WAAW,KAAK,IAAI,KAAK,QAAQ;CAC9C,IAAI,gBAAgB,EAAE,kBAAkB,UAAU,QAAQ;CAC1D,IAAI,SAAS,EAAE,WAAW,KAAK,IAAI,KAAK,QAAQ;CAChD,SAAS,cAAc,EAAE,UAAU;CACnC,SAAS,aAAa,EAAE,MAAM,SAAS;CACvC,SAAS,YAAY,EAAE,MAAM,QAAQ;CACrC,SAAS,QAAQ,EAAE,MAAM,IAAI;CAC7B,SAAS,QAAQ,EAAE,MAAM,IAAI;CAC7B,IAAI,YAAY,EAAE,SAAS,KAAK,IAAI,KAAK,QAAQ;CACjD,IAAI,kBAAkB,EAAE,eAAe,KAAK,IAAI,KAAK,QAAQ;CAC7D,SAAS,OAAO,EAAE,GAAG;CAErB,OAAO,UAAU,oDAAoD;CACrE,SACE,QACA,EAAE,UAAU,KAAK,MAAM,QAAQ,CAAC,CAAC,CACnC;CACA,SAAS,SAAS,EAAE,WAAW,IAAI,OAAO,CAAC;CAE3C,OAAO,OAAO,yCAAyC;CACvD,SAAS,IAAI,EAAE,UAAU;CAEzB,OAAO,MAAM,KAAK,IAAI;AACxB"}

package/lib/info-C0WvNVNS.d.ts

@@ -0,0 +1,98 @@
+import { d as PathRules, i as Config, r as BotConfig } from "./config-1vfbPBRi.js";
+
+//#region src/info/info.d.ts
+/** clabox's own package: the install root + version, located at runtime. */
+interface ClaboxPackage {
+  /** Directory that holds clabox's package.json (its install root). */
+  root: string | null;
+  version: string;
+}
+/**
+ * Locate clabox's own package.json by walking up from this module. A relative
+ * `../../package.json` is unreliable because the bundler hoists shared code into
+ * hashed chunks at an unpredictable depth (`lib/info-<hash>.js`), so the literal
+ * `..` count no longer matches the source tree. Walking up until we hit the
+ * package.json whose `name` is `clabox` survives every layout: the source tree
+ * (`src/info/`), the built tree (`lib/`, `lib/<chunk>.js`) and an installed
+ * `node_modules/clabox/`.
+ */
+declare function resolveClaboxPackage(): ClaboxPackage;
+/** clabox's own version (best-effort; `'unknown'` if it can't be located). */
+declare function claboxVersion(): string;
+/** Everything `formatInfo` needs — a plain, serializable snapshot (no I/O). */
+interface InfoData {
+  name: string;
+  version: string;
+  description: string;
+  /** Node runtime version (`process.version`). */
+  node: string;
+  /** Node executable that's running clabox (`process.execPath`). */
+  nodeBin: string;
+  platform: string;
+  /** Path to the clabox entry actually running (`process.argv[1]`), null if unknown. */
+  claboxBin: string | null;
+  /** clabox's install root (dir of its package.json), null if it can't be found. */
+  claboxRoot: string | null;
+  /** Resolved `claude` binary (config → PATH → ~/.local/bin), null if absent. */
+  claudeBin: string | null;
+  /** Resolved `sandbox-exec` (this machine can sandbox iff non-null). */
+  sandboxExec: string | null;
+  /** Named box (`-b <name>`), null when none. */
+  box: string | null;
+  /** Per-box slug used to name the materialized mcp/settings files. */
+  slug: string;
+  /** Dir claude runs in and that's granted RW as the project. */
+  projectDir: string;
+  /** Deterministic profile path for {@link InfoData.projectDir}. */
+  profileFile: string;
+  /** Whether the profile has been generated already. */
+  profileExists: boolean;
+  /** Config file the effective config came from, null → built-in defaults. */
+  configFile: string | null;
+  /** Expanded `config.configDir` (Claude's profile dir). */
+  configDir: string;
+  network: boolean;
+  ulimitProcs: number;
+  claudeArgs: string[];
+  /** Per-box MCP server names (keys of `config.mcp`). */
+  mcpServers: string[];
+  /** Whether a per-box `systemPrompt` is set. */
+  hasSystemPrompt: boolean;
+  /** Per-box hook event names (keys of `config.hooks`). */
+  hookEvents: string[];
+  bot: BotConfig;
+  paths: PathRules;
+  denyHome: string[];
+  denyDotConfigs: string[];
+  /** Forced extra env (`config.env`) as `KEY=VALUE` strings. */
+  env: string[];
+  /** claude args compiled from this box's mcp/systemPrompt/hooks. */
+  extraArgs: string[];
+  /** Files the extras reference (mcp/settings json under ~/.config/clabox). */
+  extraFiles: string[];
+  /** clabox-relevant vars present in the process env (`KEY=VALUE`). */
+  processEnv: string[];
+}
+/** Options for {@link gatherInfo}. */
+interface GatherInfoOptions {
+  configFile?: string | null;
+  box?: string | null;
+}
+/** Snapshot the effective config + runtime resolution into an {@link InfoData}. */
+declare function gatherInfo(config: Config, opts?: GatherInfoOptions): InfoData;
+/** Options for {@link formatInfo}. */
+interface FormatInfoOptions {
+  /** Wrap headers/labels/placeholders in ANSI colors. Default: false. */
+  color?: boolean;
+}
+/**
+ * Render an {@link InfoData} into the human-readable `clabox info` report.
+ * Pure: pass `{ color: true }` for ANSI styling (the CLI keys this off a TTY),
+ * leave it off for plain text (tests, pipes).
+ */
+declare function formatInfo(d: InfoData, {
+  color
+}?: FormatInfoOptions): string;
+//#endregion
+export { claboxVersion as a, resolveClaboxPackage as c, InfoData as i, FormatInfoOptions as n, formatInfo as o, GatherInfoOptions as r, gatherInfo as s, ClaboxPackage as t };
+//# sourceMappingURL=info-C0WvNVNS.d.ts.map

package/lib/init/app.d.ts

@@ -1,2 +1,2 @@
-import { a as installIcon, i as canBuildApps, n as BuildAppResult, r as buildApp, t as BuildAppOptions } from "../app-B1djcEnN.js";
+import { a as installIcon, i as canBuildApps, n as BuildAppResult, r as buildApp, t as BuildAppOptions } from "../app-MIaByu-I.js";
 export { BuildAppOptions, BuildAppResult, buildApp, canBuildApps, installIcon };

package/lib/init/app.js

@@ -1,2 +1,2 @@
-import { n as canBuildApps, r as installIcon, t as buildApp } from "../app-ChnKbgkD.js";
+import { n as canBuildApps, r as installIcon, t as buildApp } from "../app-CuEM7S0i.js";
 export { buildApp, canBuildApps, installIcon };

package/lib/init/ghostty.d.ts

@@ -1,2 +1,2 @@
-import { a as buildLauncherSource, i as buildGhosttyConfig, n as appBundlePath, o as bundleId, r as buildCommand, t as GhosttyConfigOptions } from "../ghostty-DFwFh4aL.js";
+import { a as buildLauncherSource, i as buildGhosttyConfig, n as appBundlePath, o as bundleId, r as buildCommand, t as GhosttyConfigOptions } from "../ghostty-D8KUXOw7.js";
 export { GhosttyConfigOptions, appBundlePath, buildCommand, buildGhosttyConfig, buildLauncherSource, bundleId };

package/lib/init/raycast.d.ts

@@ -1,2 +1,2 @@
-import { n as buildRaycastCommand, r as raycastIcon, t as RaycastCommandOptions } from "../raycast-fc5U1x7E.js";
+import { n as buildRaycastCommand, r as raycastIcon, t as RaycastCommandOptions } from "../raycast-DuHEu0Vz.js";
 export { RaycastCommandOptions, buildRaycastCommand, raycastIcon };

package/lib/init/scaffold.js

@@ -1,2 +1,2 @@
-import { n as discoverProfiles, r as runInit, t as defaultBaseDir } from "../scaffold-BdvCQVid.js";
+import { n as discoverProfiles, r as runInit, t as defaultBaseDir } from "../scaffold-DiG5q28w.js";
 export { defaultBaseDir, discoverProfiles, runInit };

package/lib/{profile-DM6NAgb-.js → profile-1oytMVlE.js}

@@ -1,4 +1,4 @@
-import { i as expandHome, t as HOME } from "./config-BQ44iVWT.js";
+import { n as claboxHomeDir, s as expandHome, t as HOME } from "./config-CY_Cf87P.js";
 import path from "node:path";
 import fs from "node:fs";
 //#region src/sandbox/profile.ts
@@ -30,6 +30,25 @@ function detectPackagePaths() {
 	return paths;
 }
 /**
+* The clabox home as it physically resolves on disk, but ONLY when
+* {@link claboxHomeDir} is a symlink (so the real path differs from the nominal
+* `~/.config/clabox` one). Used to grant the resolved location in the profile —
+* the macOS sandbox matches the symlink-resolved path, so a relocated clabox
+* home (e.g. symlinked into a project repo) would otherwise have its box configs
+* + compiled `--mcp-config` / `--settings` denied. Best-effort: returns `[]`
+* when the home is absent or already canonical.
+*/
+function resolvedClaboxHome() {
+	const home = claboxHomeDir();
+	let realHome;
+	try {
+		realHome = fs.realpathSync(home);
+	} catch {
+		return [];
+	}
+	return realHome === home ? [] : [realHome];
+}
+/**
 * Build the full SBPL profile text.
 * @param config  effective config (see config.ts)
 * @param ctx     { projectDir, detectedPaths }
@@ -37,7 +56,6 @@ function detectPackagePaths() {
 function buildProfile(config, { projectDir, detectedPaths = detectPackagePaths() }) {
 	const configDir = expandHome(config.configDir);
 	const sshDir = expandHome(config.bot.sshDir);
-	const hooksDir = config.hooksDir ? expandHome(config.hooksDir) : null;
 	const homeRe = reEscape(HOME);
 	const sections = [];
 	const add = (comment, body) => sections.push(`;; ---------- ${comment}\n${body}`);
@@ -73,13 +91,13 @@ function buildProfile(config, { projectDir, detectedPaths = detectPackagePaths()
 	add("Launch Services needed by /usr/bin/open", allow("mach-lookup", regex("^com\\.apple\\.lsd(\\..*)?$")));
 	add("Developer Tools (xcrun / libxcrun)", allow("mach-lookup", globalName("com.apple.dt.xcsecurity"), regex("^com\\.apple\\.dt\\..*$")));
 	add("Audio (afplay)", allow("mach-lookup", globalName("com.apple.audio.audiohald"), globalName("com.apple.audio.AudioComponentRegistrar")));
+	add("Notifications (terminal-notifier / osascript banners)", allow("mach-lookup", globalName("com.apple.hiservices-xpcservice")));
 	add("Notification Center shared-memory (RO)", allow("ipc-posix-shm-read-data", ipcName("apple.shm.notification_center")));
 	add("User-level preference reads (RO)", allow("file-read*", subpath(path.join(HOME, "Library/Preferences"))));
 	add("Keychain access (for OAuth)", [allow("file-read* file-write*", subpath(path.join(HOME, "Library/Keychains"))), allow("mach-lookup", globalName("com.apple.SecurityServer"), globalName("com.apple.security.agent"), globalName("com.apple.securityd"), globalName("com.apple.secd"), globalName("com.apple.trustd"), globalName("com.apple.trustd.agent"), globalName("com.apple.CoreAuthentication.daemon"))].join("\n"));
 	add("git config (RO)", allow("file-read*", literal(path.join(HOME, ".gitconfig")), literal(path.join(HOME, ".gitignore_global")), subpath(path.join(HOME, ".config/git"))));
 	add("soft privacy DENY list (overridable by explicit grants)", deny("file-read* file-write*", ...[...config.denyHome.map((d) => subpath(path.join(HOME, d))), ...config.paths.deny.map((p) => subpath(expandHome(p)))]));
 	add("SSH: bot key + known_hosts (personal keys hard-denied at the very end)", [allow("file-read*", literal(path.join(HOME, ".ssh")), literal(path.join(HOME, ".ssh/known_hosts")), literal(path.join(HOME, ".ssh/known_hosts2")), literal(path.join(HOME, ".ssh/config")), subpath(sshDir)), allow("file-write*", literal(path.join(HOME, ".ssh/known_hosts")), literal(path.join(HOME, ".ssh/known_hosts2")))].join("\n"));
-	add("claude hooks (RO + exec)", hooksDir && fs.existsSync(hooksDir) ? [allow("file-read* file-map-executable", subpath(hooksDir)), allow("process-exec", subpath(hooksDir))].join("\n") : ";; (no hooks dir; set config.hooksDir / CLABOX_HOOKS_DIR to enable)");
 	if (config.paths.readOnly.length) add("extra read-only paths", allow("file-read*", ...config.paths.readOnly.map((p) => subpath(expandHome(p)))));
 	if (config.paths.readWrite.length) add("extra read-write paths", allow("file-read* file-write*", ...config.paths.readWrite.map((p) => subpath(expandHome(p)))));
 	if (config.paths.exec.length) add("extra exec paths", allow("process-exec", ...config.paths.exec.map((p) => subpath(expandHome(p)))));
@@ -88,6 +106,8 @@ function buildProfile(config, { projectDir, detectedPaths = detectPackagePaths()
 	if (config.denyDotConfigs.length) hardDeny.push(regex(`^${homeRe}/\\.(${config.denyDotConfigs.join("|")})($|/)`));
 	hardDeny.push(regex(`^${homeRe}/\\.ssh/id_`), regex(`^${homeRe}/\\.ssh/.*\\.pem$`), regex(`^${homeRe}/\\.ssh/.*\\.key$`));
 	add("hard secret DENY (always wins — credentials & private keys)", deny("file-read* file-write*", ...hardDeny));
+	const claboxDirs = [claboxHomeDir(), ...resolvedClaboxHome()];
+	add("clabox home (box configs + compiled mcp/settings) RW — re-granted after the hard deny", [allow("file-read* file-write*", ...claboxDirs.map(subpath)), allow("process-exec", ...claboxDirs.map(subpath))].join("\n"));
 	if (config.network) add("networking", "(allow network*)");
 	sections.push("(allow process-fork)\n(allow lsopen)");
 	const text = `${sections.join("\n\n")}\n`;
@@ -95,6 +115,6 @@ function buildProfile(config, { projectDir, detectedPaths = detectPackagePaths()
 	return text;
 }
 //#endregion
-export { literal as a, subpath as c, ipcName as i, detectPackagePaths as n, reEscape as o, globalName as r, regex as s, buildProfile as t };
+export { literal as a, resolvedClaboxHome as c, ipcName as i, subpath as l, detectPackagePaths as n, reEscape as o, globalName as r, regex as s, buildProfile as t };
 
-//# sourceMappingURL=profile-DM6NAgb-.js.map
+//# sourceMappingURL=profile-1oytMVlE.js.map