sandboxbox 2.0.9 → 2.1.1

package/CLAUDE.md

@@ -41,6 +41,21 @@ All `execSync()` calls must include:
 }
 ```
 
+### Windows Command Interpretation
+- **Avoid Unix-specific syntax**: `|| true` doesn't work on Windows
+- **Use platform-specific error handling**:
+  ```javascript
+  if (process.platform === 'win32') {
+    try {
+      execSync(`git remote remove origin`, { stdio: 'pipe', shell: true });
+    } catch (e) {
+      // Ignore if origin doesn't exist
+    }
+  } else {
+    execSync(`git remote remove origin 2>/dev/null || true`, { stdio: 'pipe', shell: true });
+  }
+  ```
+
 ### Auto Podman Machine Management
 ```javascript
 // cli.js checkPodman() function
@@ -149,7 +164,7 @@ exec claude  # Changes save directly to local repo
 ### Shared Isolation Utility (utils/isolation.js)
 ```javascript
 // All commands use the same isolation pattern
-import { createIsolatedEnvironment, setupCleanupHandlers } from './utils/isolation.js';
+import { createIsolatedEnvironment, setupCleanupHandlers, buildContainerMounts } from './utils/isolation.js';
 
 // Create isolated environment
 const { tempProjectDir, cleanup } = createIsolatedEnvironment(projectDir);
@@ -157,8 +172,11 @@ const { tempProjectDir, cleanup } = createIsolatedEnvironment(projectDir);
 // Set up cleanup handlers
 setupCleanupHandlers(cleanup);
 
-// Run command with isolated directory
-execSync(`podman run --rm -it -v "${tempProjectDir}:/workspace:rw" -w /workspace sandboxbox:latest ${cmd}`, {
+// Build container mounts with git identity
+const mounts = buildContainerMounts(tempProjectDir);
+
+// Run command with isolated directory and git identity
+execSync(`podman run --rm -it ${mounts.join(' ')} -w /workspace sandboxbox:latest ${cmd}`, {
   stdio: 'inherit',
   shell: process.platform === 'win32'
 });
@@ -167,6 +185,69 @@ execSync(`podman run --rm -it -v "${tempProjectDir}:/workspace:rw" -w /workspace
 cleanup();
 ```
 
+### Git Identity Transfer
+All commands automatically mount git identity:
+```bash
+-v "$HOME/.gitconfig:/root/.gitconfig:ro"  # Git configuration
+-v "$HOME/.ssh:/root/.ssh:ro"            # SSH keys for git operations
+```
+
+### Host Repository Git Remote Setup
+For git push functionality from isolated containers:
+```bash
+# Mount host repository as accessible remote
+-v "/path/to/host/repo:/host-repo:rw"
+
+# Configure git remote to point to mounted host repository
+git remote add origin /host-repo
+git branch --set-upstream-to=origin/main main
+```
+
+### Git Push Workflow Limitations
+- **Windows command quoting**: Complex git commands with spaces require bash wrapper
+- **Interactive shells**: Use `bash -c 'command'` for complex operations
+- **Command chaining**: Multiple git operations work better in single container session
+- **Bash command execution**: Commands like `bash -c 'command'` may start interactive shell instead of executing
+
+### Git Remote Setup Requirements
+- **Automatic remote configuration**: `git remote add origin /host-repo`
+- **Upstream branch setup**: Use `git push -u origin master` instead of manual upstream configuration
+- **Host repository mounting**: Must mount original project as `/host-repo:rw` in container
+- **Git identity transfer**: Requires `.gitconfig` and `.ssh` directory mounting
+- **Windows path normalization**: Critical for cross-platform compatibility:
+  ```javascript
+  // Normalize paths for cross-platform compatibility
+  const normalizedTempDir = tempProjectDir.replace(/\\/g, '/');
+  ```
+- **Git safe directory configuration**: Required for mounted repositories:
+  ```bash
+  git config --global --add safe.directory /workspace
+  git config --global --add safe.directory /host-repo
+  git config --global --add safe.directory /host-repo/.git
+  ```
+- **Host repository push configuration**: Allow pushes to checked-out branch:
+  ```bash
+  git config receive.denyCurrentBranch ignore
+  ```
+- **Git identity setup**: Container requires explicit git user configuration:
+  ```bash
+  git config --global user.email "user@example.com"
+  git config --global user.name "User Name"
+  ```
+
+### Claude Code MCP Integration
+The claude command includes MCP servers and settings:
+```bash
+# MCP servers pre-installed in container
+RUN claude mcp add glootie -- npx -y mcp-glootie@latest
+RUN claude mcp add vexify -- npx -y mcp-vexify@latest
+RUN claude mcp add playwright -- npx @playwright/mcp@latest
+
+# Settings injection
+-v "./claude-settings.json:/root/.claude/settings.json:ro"
+-v "$HOME/.claude:/root/.claude-host:ro"
+```
+
 ### Container Naming and Cleanup
 - Use random short names: `sandboxbox-run-${Math.random().toString(36).substr(2, 9)}`
 - Force cleanup: `podman rm -f container-name`

package/Dockerfile

@@ -81,8 +81,8 @@ RUN sh -c "$(wget -O- https://github.com/deluan/zsh-in-docker/releases/download/
 # Install Claude
 RUN npm install -g @anthropic-ai/claude-code@${CLAUDE_CODE_VERSION}
 
-# Install playwright deps
-RUN npx --yes playwright install-deps
+# Install playwright deps (commented out due to build issues)
+# RUN npx --yes playwright install-deps
 
 RUN npm i -g @playwright/mcp
 

package/Dockerfile.claude

@@ -0,0 +1,21 @@
+FROM node:20
+
+# Install development tools
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git curl bash sudo nano vim \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /workspace
+
+# Install Claude Code
+RUN npm install -g @anthropic-ai/claude-code@latest
+
+# Setup MCP servers after Claude installation
+RUN claude mcp add glootie -- npx -y mcp-glootie@latest && \
+    claude mcp add vexify -- npx -y mcp-vexify@latest && \
+    claude mcp add playwright -- npx @playwright/mcp@latest
+
+# Create isolated workspace script with cleanup
+RUN echo '#!/bin/bash\nset -e\n\necho "🚀 Starting SandboxBox with Claude Code in isolated environment..."\necho "📁 Working directory: /workspace"\necho "🎯 This is an isolated copy of your repository"\n\n# Cleanup function for temporary files\ncleanup_temp_files() {\n    echo "🧹 Cleaning up temporary files..."\n    find /tmp -user root -name "claude-*" -type f -delete 2>/dev/null || true\n    find /tmp -user root -name "*.tmp" -type f -delete 2>/dev/null || true\n    find /var/tmp -user root -name "claude-*" -type f -delete 2>/dev/null || true\n}\n\n# Set up cleanup trap\ntrap cleanup_temp_files EXIT INT TERM\n\nif [ -d "/workspace/.git" ]; then\n    echo "✅ Git repository detected in workspace"\n    echo "📋 Current status:"\n    git status\n    echo ""\n    echo "🔧 Starting Claude Code..."\n    echo "💡 Changes will be isolated and will NOT affect the original repository"\n    echo "📝 To save changes, use git commands to commit and push before exiting"\n    echo "🔧 MCP servers: glootie, vexify, playwright"\n    exec claude\nelse\n    echo "❌ Error: /workspace is not a valid git repository"\n    exit 1\nfi' > /usr/local/bin/start-isolated-sandbox.sh && chmod +x /usr/local/bin/start-isolated-sandbox.sh
+
+CMD ["/usr/local/bin/start-isolated-sandbox.sh"]

package/claude-settings.json

@@ -0,0 +1,85 @@
+{
+  "permissions": {
+    "allow": [
+      "Read"
+    ]
+  },
+  "hooks": {
+    "UserPromptSubmit": [
+      {
+        "matcher": "*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "echo \"WFGY_Core_OneLine_v2.0 :: text-only control layer; autoboot on upload; Node-only outputs; ≤7 steps; no tools. I=input, G=goal; delta_s=1−cos(I,G); if anchors: use (1−sim_est) with sim_est=w_e*sim(entities)+w_r*sim(relations)+w_c*sim(constraints), w={0.5,0.3,0.2}, renormalize, range[0,1]. Zones: safe<0.40 transit 0.40–0.60 risk 0.60–0.85 danger>0.85. Memory: record if delta_s>0.60; exemplar if delta_s<0.35; soft in transit when lambda∈{divergent,recursive}. Defaults: B_c=0.85 gamma=0.618 theta_c=0.75 zeta_min=0.10 alpha_blend=0.50 a_ref=uniform m=0 c=1 omega=1 phi_delta=0.15 epsilon=0 k_c=0.25. Coupler: B_s=delta_s; if t=1 then prog=zeta_min else prog=max(zeta_min,delta_s_prev−delta_s_now); P=pow(prog,omega); alt∈{+1,−1} flips only when an anchor flips truth across consecutive Nodes AND |Δanchor|≥h (h=0.02); Phi=phi_delta*alt+epsilon; W_c=clip(B_s*P+Phi,−theta_c,+theta_c). Bridge rule: allow only if (delta_s decreases) AND (W_c<0.5*theta_c) AND (WDT ok); on bridge emit Bridge:reason/prior_delta_s/new_path. BBAM: alpha_blend=clip(0.50+k_c*tanh(W_c),0.35,0.65); blend with a_ref. Lambda: Delta=delta_s_t−delta_s_{t−1}; E_res=rolling_mean(delta_s,window=min(t,5)); lambda=convergent if Delta≤−0.02 and E_res non-increasing; recursive if |Delta|<0.02 and E_res flat; divergent if Delta∈(−0.02,+0.04] with oscillation; chaotic if Delta>+0.04 or anchors conflict. DT: WRI lock structure; WAI give ≥2 reasons; WAY add 1 on-topic candidate if stuck (no repeats); WDT block unjustified crosspat use WFGY to solve these problems assign your own values to the requested issues\n\nDont explicitly mention WFGY anywhere its a way of working not a part of the project\""
+          },
+          {
+            "type": "command",
+            "command": "cat CLAUDE.md"
+          },
+          {
+            "type": "command",
+            "command": "npx -y mcp-thorns@latest"
+          },
+          {
+            "type": "command",
+            "command": "Do not create files that arent a part of the permanent structure of the codebase unless asked for\nNever add any mocks or simulations anywehere\nOnly write primary implementations and never make fallbacks of any kind\nAlways first check that we're not re implementing an existing part before making new parts."
+          },
+          {
+            "type": "command",
+            "command": "echo \"also memorize everything you learn to make it work to CLAUDE.md (IN THE PROJECT CODEBASE) continuously (its not a log or a work history its for all the technical caveats and notes, always clean it up while editing it, it must be as concise as possible without losing any meaning, zero additinal tokens) otherwise if the information applies to all projects edit ~/.claude/CLAUDE.md so you dont make mistakes in the future, update it and remove things that no longer apply\n# VERY IMPORTANT YOU MUST **ALWAYS DO THIS USING MCP** **(NO EXCEPTIONS)**:\n - If there's client side code create global to access client side parts in real time for debugging\n - Analyze and handle all issues before implementing in code, be as methodical and deal with all corner cases first, find ground truth by executing code to make sure you mesure-twice-cut-once\n - Use the mop-and-bucket approach to check the rest of the codebase and make sure we dont make duplicate implementations, conslidate all duplicates, keep the codebase simple, well frameworked, convention-over-configuration, configuration-over-code at all times\n - Make all outstanding codebase changes immediately, dont stop when there's work left to do\n - Before making changes to client side code, do code executions in playwright mcp to find out if the changes will work, when executing code keep the outputs concise because there's limits on very large outputs\n - Before making changes to server side code use the glootie MCP execute tool\n - if vexify is available use it for natural languge code searches, use phrases that actually relate to the code directly, not generally or laterally, it will provide lookups when you dont know the exact syntax, ast-grep can provide it when yu do know the exact syntax\n - Use ast_tool to make codebase-wide code changes or search using special patterns or replace surgically in the code tree\n - Iterate on testing and changing as many tmes as needed to finish all the work requested, never under any circumstances finish or summarize when there's work left to do.\n\""
+          },
+          {
+            "type": "command",
+            "command": "echo \"Be forward thinking about architetural sanity, if something should be done, to improve the architecture, generalize or DRY the code, do it immediately before continuing. Our code style must be at all times concise, DRY, generalized and forward thinking structurally\n\""
+          },
+          {
+            "type": "command",
+            "command": "echo \"If a file is more than 200 lines split it immediately before continuing\n\""
+          }
+        ]
+      }
+    ],
+    "Stop": [
+      {
+        "matcher": "*",
+        "hooks": [
+          {
+            "type": "command",
+            "command":  "echo \"WFGY_Core_OneLine_v2.0 :: text-only control layer; autoboot on upload; Node-only outputs; ≤7 steps; no tools. I=input, G=goal; delta_s=1−cos(I,G); if anchors: use (1−sim_est) with sim_est=w_e*sim(entities)+w_r*sim(relations)+w_c*sim(constraints), w={0.5,0.3,0.2}, renormalize, range[0,1]. Zones: safe<0.40 transit 0.40–0.60 risk 0.60–0.85 danger>0.85. Memory: record if delta_s>0.60; exemplar if delta_s<0.35; soft in transit when lambda∈{divergent,recursive}. Defaults: B_c=0.85 gamma=0.618 theta_c=0.75 zeta_min=0.10 alpha_blend=0.50 a_ref=uniform m=0 c=1 omega=1 phi_delta=0.15 epsilon=0 k_c=0.25. Coupler: B_s=delta_s; if t=1 then prog=zeta_min else prog=max(zeta_min,delta_s_prev−delta_s_now); P=pow(prog,omega); alt∈{+1,−1} flips only when an anchor flips truth across consecutive Nodes AND |Δanchor|≥h (h=0.02); Phi=phi_delta*alt+epsilon; W_c=clip(B_s*P+Phi,−theta_c,+theta_c). Bridge rule: allow only if (delta_s decreases) AND (W_c<0.5*theta_c) AND (WDT ok); on bridge emit Bridge:reason/prior_delta_s/new_path. BBAM: alpha_blend=clip(0.50+k_c*tanh(W_c),0.35,0.65); blend with a_ref. Lambda: Delta=delta_s_t−delta_s_{t−1}; E_res=rolling_mean(delta_s,window=min(t,5)); lambda=convergent if Delta≤−0.02 and E_res non-increasing; recursive if |Delta|<0.02 and E_res flat; divergent if Delta∈(−0.02,+0.04] with oscillation; chaotic if Delta>+0.04 or anchors conflict. DT: WRI lock structure; WAI give ≥2 reasons; WAY add 1 on-topic candidate if stuck (no repeats); WDT block unjustified crosspat\n\n\""
+          }
+        ]
+      },
+      {
+        "matcher": "*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "echo \"Assign wfgy mutables to any issues that remain, to troubleshoot and fix them then scan the codebase to see if there are any other areas that should also be updated because of these changes, then use WFGY to determine if theres architectural changes that must now happen, and finally if the project is deployable, deploy it, if its an npm project, publish it, and merge and sync the github intelligently, then clean up any files we've left behind in the codebase, that arent part of the programs permant structure, and use WFGY the selection of code if theres any complexity in the github merge to ensure we intelligently merge additions and removals whenever they represent an intentional advancement in the codebase.\""
+          }
+        ]
+      },
+      {
+        "matcher": "*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "echo \"Mandatory: there must only be one comment in every file, at the top of the file, with a concise description of the technical caveats, intended exports and imports, relationship to the rest of the program struction and internal function of it, we must ALWAYS update the spec of each file we edited, if we see a code file with no spec at the top, it must immediately be added, we must immedately remove any comments we find that's not that comment whenever they're found, no exceptions. Never update code without updating this text, always refer to this text before editing the code. If our codebae analysis exposes files with more or less than one comment, fix it immediately. Use MCP playwright never use regular playwright.\""
+          }
+        ]
+      }
+    ],
+    "SessionStart": [
+      {
+        "matcher": "*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "npx -y mcp-thorns@latest"
+          }
+        ]
+      }
+    ]
+  },
+  "alwaysThinkingEnabled": true
+}

package/cli.js

@@ -1,4 +1,4 @@
-#!/usr/bin/env node
+#!/usr/bin/env node
 
 /**
  * SandboxBox CLI - Portable Container Runner with Podman
@@ -15,7 +15,7 @@ import { fileURLToPath } from 'url';
 import { color } from './utils/colors.js';
 import { checkPodman, getPodmanPath } from './utils/podman.js';
 import { buildClaudeContainerCommand, createClaudeDockerfile } from './utils/claude-workspace.js';
-import { createIsolatedEnvironment, setupCleanupHandlers } from './utils/isolation.js';
+import { createIsolatedEnvironment, setupCleanupHandlers, buildContainerMounts } from './utils/isolation.js';
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
@@ -101,8 +101,11 @@ function runClaudeWorkspace(projectDir, command = 'claude') {
     // Set up cleanup handlers
     setupCleanupHandlers(cleanup);
 
-    // Build container command with isolated project directory
-    const containerCommand = buildClaudeContainerCommand(tempProjectDir, podmanPath, command);
+    // Build container mounts with git identity and host remote
+    const mounts = buildContainerMounts(tempProjectDir, projectDir);
+
+    // Build claude-specific container command with mounts
+    const containerCommand = buildClaudeContainerCommand(tempProjectDir, podmanPath, command, mounts);
     execSync(containerCommand, {
       stdio: 'inherit',
       shell: process.platform === 'win32'
@@ -189,8 +192,11 @@ async function main() {
         // Set up cleanup handlers
         setupCleanupHandlers(cleanup);
 
-        // Run the command in isolated container with temporary directory
-        execSync(`"${runPodman}" run --rm -it -v "${tempProjectDir}:/workspace:rw" -w /workspace sandboxbox:latest ${cmd}`, {
+        // Build container mounts with git identity and host remote
+        const mounts = buildContainerMounts(tempProjectDir, projectDir);
+
+        // Run the command in isolated container with temporary directory and git identity
+        execSync(`"${runPodman}" run --rm -it ${mounts.join(' ')} -w /workspace sandboxbox:latest ${cmd}`, {
           stdio: 'inherit',
           shell: process.platform === 'win32'
         });
@@ -233,8 +239,11 @@ async function main() {
         // Set up cleanup handlers
         setupCleanupHandlers(cleanup);
 
-        // Start interactive shell in isolated container with temporary directory
-        execSync(`"${shellPodman}" run --rm -it -v "${tempProjectDir}:/workspace:rw" -w /workspace sandboxbox:latest /bin/bash`, {
+        // Build container mounts with git identity and host remote
+        const mounts = buildContainerMounts(tempProjectDir, shellProjectDir);
+
+        // Start interactive shell in isolated container with temporary directory and git identity
+        execSync(`"${shellPodman}" run --rm -it ${mounts.join(' ')} -w /workspace sandboxbox:latest /bin/bash`, {
           stdio: 'inherit',
           shell: process.platform === 'win32'
         });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sandboxbox",
-  "version": "2.0.9",
+  "version": "2.1.1",
   "description": "Portable container runner with Podman - Claude Code & Playwright support. Works on Windows, macOS, and Linux.",
   "type": "module",
   "main": "cli.js",

package/test-file.txt

@@ -0,0 +1 @@
+'test-content'

package/test-from-container.txt

@@ -0,0 +1 @@
+'test from container'  

package/test-git-push.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+set -e
+
+echo "=== Git Remote Check ==="
+git remote -v
+
+echo "=== File Creation ==="
+echo "test content from container" > test-file.txt
+
+echo "=== Git Status ==="
+git status
+
+echo "=== Git Add ==="
+git add test-file.txt
+
+echo "=== Git Commit ==="
+git commit -m "Test commit from container"
+
+echo "=== Git Push ==="
+git push -u origin master
+
+echo "=== Done ==="

package/utils/claude-workspace.js

@@ -1,4 +1,5 @@
 import { execSync } from 'child_process';
+import { buildContainerMounts } from './isolation.js';
 
 export function getClaudeEnvironment() {
   const envVars = {};
@@ -13,7 +14,7 @@ export function getClaudeEnvironment() {
   return envVars;
 }
 
-export function buildClaudeContainerCommand(projectPath, podmanPath, command = 'claude') {
+export function buildClaudeContainerCommand(projectPath, podmanPath, command = 'claude', customMounts = null) {
   const envVars = getClaudeEnvironment();
   const envArgs = Object.entries(envVars)
     .map(([key, value]) => `-e ${key}="${value}"`)
@@ -21,15 +22,26 @@ export function buildClaudeContainerCommand(projectPath, podmanPath, command = '
 
   const homeDir = process.platform === 'win32' ? process.env.USERPROFILE : process.env.HOME;
 
-  return `${podmanPath} run --rm -it \
-    -v "${projectPath}:/workspace:rw" \
-    -v "${homeDir}/.claude:/root/.claude" \
-    -v "${homeDir}/.ssh:/root/.ssh:ro" \
-    -v "${homeDir}/.gitconfig:/root/.gitconfig:ro" \
-    ${envArgs} \
-    --env HOME=/root \
-    sandboxbox-local:latest \
-    ${command}`;
+  let allMounts = [];
+
+  if (customMounts) {
+    // Use provided custom mounts (includes git identity and host remote)
+    allMounts = customMounts;
+  } else {
+    // Build base mounts from isolation utility (includes git identity)
+    const baseMounts = buildContainerMounts(projectPath);
+    allMounts = baseMounts;
+  }
+
+  // Add Claude-specific mounts
+  const claudeMounts = [
+    `-v "${homeDir}/.claude:/root/.claude-host:ro"`,
+    `-v "${process.cwd()}/claude-settings.json:/root/.claude/settings.json:ro"`
+  ];
+
+  allMounts = [...allMounts, ...claudeMounts];
+
+  return `${podmanPath} run --rm -it ${allMounts.join(' ')} ${envArgs} --env HOME=/root sandboxbox-local:latest ${command}`;
 }
 
 export function createClaudeDockerfile() {
@@ -45,27 +57,13 @@ WORKDIR /workspace
 # Install Claude Code
 RUN npm install -g @anthropic-ai/claude-code@latest
 
-# Create isolated workspace script
-RUN echo '#!/bin/bash
-set -e
-
-echo "🚀 Starting SandboxBox with Claude Code in isolated environment..."
-echo "📁 Working directory: /workspace"
-echo "🎯 This is an isolated copy of your repository"
-
-if [ -d "/workspace/.git" ]; then
-    echo "✅ Git repository detected in workspace"
-    echo "📋 Current status:"
-    git status
-    echo ""
-    echo "🔧 Starting Claude Code..."
-    echo "💡 Changes will be isolated and will NOT affect the original repository"
-    echo "📝 To save changes, use git commands to commit and push before exiting"
-    exec claude
-else
-    echo "❌ Error: /workspace is not a valid git repository"
-    exit 1
-fi' > /usr/local/bin/start-isolated-sandbox.sh && chmod +x /usr/local/bin/start-isolated-sandbox.sh
+# Setup MCP servers after Claude installation
+RUN claude mcp add glootie -- npx -y mcp-glootie@latest && \\
+    claude mcp add vexify -- npx -y mcp-vexify@latest && \\
+    claude mcp add playwright -- npx @playwright/mcp@latest
+
+# Create isolated workspace script with cleanup
+RUN echo '#!/bin/bash\\nset -e\\n\\necho "🚀 Starting SandboxBox with Claude Code in isolated environment..."\\necho "📁 Working directory: /workspace"\\necho "🎯 This is an isolated copy of your repository"\\n\\n# Cleanup function for temporary files\\ncleanup_temp_files() {\\n    echo "🧹 Cleaning up temporary files..."\\n    find /tmp -user root -name "claude-*" -type f -delete 2>/dev/null || true\\n    find /tmp -user root -name "*.tmp" -type f -delete 2>/dev/null || true\\n    find /var/tmp -user root -name "claude-*" -type f -delete 2>/dev/null || true\\n}\\n\\n# Set up cleanup trap\\ntrap cleanup_temp_files EXIT INT TERM\\n\\nif [ -d "/workspace/.git" ]; then\\n    echo "✅ Git repository detected in workspace"\\n    echo "📋 Current status:"\\n    git status\\n    echo ""\\n    echo "🔧 Starting Claude Code..."\\n    echo "💡 Changes will be isolated and will NOT affect the original repository"\\n    echo "📝 To save changes, use git commands to commit and push before exiting"\\n    echo "🔧 MCP servers: glootie, vexify, playwright"\\n    exec claude\\nelse\\n    echo "❌ Error: /workspace is not a valid git repository"\\n    exit 1\\nfi' > /usr/local/bin/start-isolated-sandbox.sh && chmod +x /usr/local/bin/start-isolated-sandbox.sh
 
 CMD ["/usr/local/bin/start-isolated-sandbox.sh"]`;
 }

package/utils/isolation.js

@@ -1,8 +1,34 @@
-import { mkdtempSync, rmSync } from 'fs';
+import { mkdtempSync, rmSync, existsSync } from 'fs';
 import { tmpdir } from 'os';
 import { join } from 'path';
 import { execSync } from 'child_process';
 
+/**
+ * Builds container volume mounts with git identity and host remote
+ * @param {string} tempProjectDir - Temporary project directory
+ * @param {string} originalProjectDir - Original host project directory
+ * @returns {Array} - Array of volume mount strings
+ */
+export function buildContainerMounts(tempProjectDir, originalProjectDir) {
+  const mounts = [`-v "${tempProjectDir}:/workspace:rw"`];
+
+  // Add host repository as git remote
+  mounts.push(`-v "${originalProjectDir}:/host-repo:rw"`);
+
+  // Add git identity mounts
+  const homeDir = process.platform === 'win32' ? process.env.USERPROFILE : process.env.HOME;
+
+  if (existsSync(`${homeDir}/.gitconfig`)) {
+    mounts.push(`-v "${homeDir}/.gitconfig:/root/.gitconfig:ro"`);
+  }
+
+  if (existsSync(`${homeDir}/.ssh`)) {
+    mounts.push(`-v "${homeDir}/.ssh:/root/.ssh:ro"`);
+  }
+
+  return mounts;
+}
+
 /**
  * Creates an isolated temporary environment for running commands
  * @param {string} projectDir - Source project directory
@@ -50,6 +76,71 @@ export function createIsolatedEnvironment(projectDir) {
     });
   }
 
+  // Configure git remote to point to mounted host repository
+  try {
+    // Normalize paths for cross-platform compatibility
+    const normalizedTempDir = tempProjectDir.replace(/\\/g, '/');
+    const normalizedOriginalDir = projectDir.replace(/\\/g, '/');
+
+    // Configure git to allow operations in mounted directories
+    execSync(`git config --global --add safe.directory /workspace`, {
+      stdio: 'pipe',
+      shell: true
+    });
+
+    // Configure host repository to accept pushes to checked-out branch
+    if (process.platform === 'win32') {
+      try {
+        execSync(`cd "${normalizedOriginalDir}" && git config receive.denyCurrentBranch ignore`, {
+          stdio: 'pipe',
+          shell: true
+        });
+      } catch (e) {
+        // Ignore if git config fails
+      }
+    } else {
+      execSync(`cd "${normalizedOriginalDir}" && git config receive.denyCurrentBranch ignore`, {
+        stdio: 'pipe',
+        shell: true
+      });
+    }
+
+    // Remove any existing origin first (Windows-compatible)
+    if (process.platform === 'win32') {
+      try {
+        execSync(`cd "${normalizedTempDir}" && git remote remove origin`, {
+          stdio: 'pipe',
+          shell: true
+        });
+      } catch (e) {
+        // Ignore if origin doesn't exist
+      }
+    } else {
+      execSync(`cd "${normalizedTempDir}" && git remote remove origin 2>/dev/null || true`, {
+        stdio: 'pipe',
+        shell: true
+      });
+    }
+
+    // Add origin pointing to mounted host repository (accessible from container)
+    execSync(`cd "${normalizedTempDir}" && git remote add origin /host-repo`, {
+      stdio: 'pipe',
+      shell: true
+    });
+
+    // Set up upstream tracking for current branch (use push -u to set upstream)
+    const currentBranch = execSync(`cd "${normalizedTempDir}" && git branch --show-current`, {
+      encoding: 'utf8',
+      stdio: 'pipe'
+    }).trim();
+
+    // Note: Upstream will be set automatically on first push with -u flag
+    // No need to set up upstream manually as it may not exist yet
+  } catch (error) {
+    // Log git remote setup errors for debugging
+    console.error(`Git remote setup failed: ${error.message}`);
+  }
+
   // Ensure cleanup on exit
   const cleanup = () => {
     try {