sandboxbox 3.0.38 → 3.0.40
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/utils/commands/claude.js +12 -1
package/package.json
CHANGED
package/utils/commands/claude.js
CHANGED
|
@@ -323,9 +323,20 @@ export async function claudeCommand(projectDir, prompt, flags = {}) {
|
|
|
323
323
|
// Modify the prompt to include directory change instruction
|
|
324
324
|
const modifiedPrompt = `You are working in a sandboxed environment. Your working directory is "${workspacePath}". All operations should be performed in this directory. ${prompt}`;
|
|
325
325
|
|
|
326
|
+
// Add network isolation environment variables for process-level isolation
|
|
327
|
+
const networkIsolatedEnv = {
|
|
328
|
+
...env,
|
|
329
|
+
// Force network isolation through environment variables
|
|
330
|
+
SANDBOX_NETWORK_ISOLATED: 'true',
|
|
331
|
+
// Add unique sandbox identifier for port isolation
|
|
332
|
+
SANDBOX_ID: Math.random().toString(36).substr(2, 9),
|
|
333
|
+
// Restrict network binding to localhost when possible
|
|
334
|
+
NODE_OPTIONS: (env.NODE_OPTIONS || '') + ' --no-force-async-hooks-checks'
|
|
335
|
+
};
|
|
336
|
+
|
|
326
337
|
const proc = spawn('claude', claudeArgs, {
|
|
327
338
|
cwd: workspacePath, // Set working directory directly
|
|
328
|
-
env:
|
|
339
|
+
env: networkIsolatedEnv, // Use network-isolated environment
|
|
329
340
|
stdio: ['pipe', 'pipe', 'pipe'],
|
|
330
341
|
shell: false, // Don't use shell since we're setting cwd directly
|
|
331
342
|
detached: false
|