sandboxbox 3.0.48 → 3.0.49

package/package/package/utils/sandbox.js

@@ -0,0 +1,341 @@
+import { mkdtempSync, rmSync, cpSync, existsSync, mkdirSync, writeFileSync, symlinkSync, realpathSync, readFileSync, appendFileSync } from 'fs';
+import { tmpdir, homedir, platform } from 'os';
+import { join, resolve, dirname } from 'path';
+import { fileURLToPath } from 'url';
+import { spawn, execSync } from 'child_process';
+
+export function createSandbox(projectDir, options = {}) {
+  const { useHostSettings = false, headlessMode = false } = options;
+  const sandboxDir = mkdtempSync(join(tmpdir(), 'sandboxbox-'));
+  const workspaceDir = join(sandboxDir, 'workspace');
+  const VERBOSE_OUTPUT = process.env.SANDBOX_VERBOSE === 'true' || process.argv.includes('--verbose');
+
+  // Ensure host directory is a git repository
+  if (!existsSync(join(projectDir, '.git'))) {
+    // Initialize git repository in host directory if it doesn't exist
+    execSync(`git init "${projectDir}"`, {
+      stdio: 'pipe',
+      shell: true,
+      windowsHide: true
+    });
+  }
+
+  // Configure global git safe directories
+  execSync(`git config --global --add safe.directory "${projectDir}"`, {
+    stdio: 'pipe',
+    shell: true,
+    windowsHide: true
+  });
+  execSync(`git config --global --add safe.directory "${projectDir}/.git"`, {
+    stdio: 'pipe',
+    shell: true,
+    windowsHide: true
+  });
+
+  // Configure host repository to accept pushes to current branch
+  try {
+    execSync(`cd "${projectDir}" && git config receive.denyCurrentBranch updateInstead`, {
+      stdio: 'pipe',
+      shell: true,
+      windowsHide: true
+    });
+  } catch (error) {
+    // Silently skip repository configuration
+  }
+
+  // Copy/clone the project to workspace
+  if (existsSync(join(projectDir, '.git'))) {
+    // If it's a git repo, do a shallow clone
+    execSync(`git clone --depth 1 --no-tags "${projectDir}" "${workspaceDir}"`, {
+      stdio: 'pipe',
+      shell: true,
+      windowsHide: true
+    });
+  } else {
+    // If not a git repo, just copy the files
+    mkdirSync(workspaceDir, { recursive: true });
+    execSync(`cp -r "${projectDir}"/* "${workspaceDir}/"`, {
+      stdio: 'pipe',
+      shell: true,
+      windowsHide: true
+    });
+    // Initialize git in workspace
+    execSync(`git init "${workspaceDir}"`, {
+      stdio: 'pipe',
+      shell: true,
+      windowsHide: true
+    });
+  }
+
+  // Ensure .claude is in .gitignore in the sandbox workspace
+  const gitignorePath = join(workspaceDir, '.gitignore');
+  if (!existsSync(gitignorePath)) {
+    writeFileSync(gitignorePath, `# Claude Code settings (project-specific, not to be committed)
+.claude/
+
+# Dependencies
+node_modules/
+*.log
+.DS_Store
+`);
+  } else {
+    // Add .claude to existing .gitignore if not already present
+    const gitignoreContent = readFileSync(gitignorePath, 'utf8');
+    if (!gitignoreContent.includes('.claude/')) {
+      writeFileSync(gitignorePath, gitignoreContent + '\n# Claude Code settings (project-specific, not to be committed)\n.claude/\n');
+    }
+  }
+
+  // Set up host repo as origin in sandbox (pointing to host directory)
+  try {
+    execSync(`git remote add origin "${projectDir}"`, {
+      cwd: workspaceDir,
+      stdio: 'pipe',
+      shell: true
+    });
+  } catch (e) {
+    // Remote already exists, update it
+    execSync(`git remote set-url origin "${projectDir}"`, {
+      cwd: workspaceDir,
+      stdio: 'pipe',
+      shell: true
+    });
+    // Remote updated silently
+  }
+
+  // Set up upstream tracking for current branch
+  try {
+    const currentBranch = execSync(`git branch --show-current`, {
+      cwd: workspaceDir,
+      encoding: 'utf8',
+      stdio: 'pipe'
+    }).trim();
+
+    // Ensure the branch exists on the host side
+    try {
+      execSync(`cd "${projectDir}" && git checkout ${currentBranch}`, {
+        stdio: 'pipe',
+        shell: true
+      });
+    } catch (e) {
+      // Branch doesn't exist on host, create it
+      execSync(`cd "${projectDir}" && git checkout -b ${currentBranch}`, {
+        stdio: 'pipe',
+        shell: true
+      });
+    }
+
+    execSync(`git branch --set-upstream-to=origin/${currentBranch} ${currentBranch}`, {
+      cwd: workspaceDir,
+      stdio: 'pipe',
+      shell: true
+    });
+  } catch (e) {
+    // Upstream may not exist yet, ignore error
+  }
+
+  // Copy project's .claude/settings.json if it exists (project-level Claude settings)
+  const projectClaudeSettingsPath = join(projectDir, '.claude', 'settings.json');
+  if (existsSync(projectClaudeSettingsPath)) {
+    const sandboxClaudeSettingsPath = join(workspaceDir, '.claude', 'settings.json');
+    mkdirSync(join(workspaceDir, '.claude'), { recursive: true });
+    cpSync(projectClaudeSettingsPath, sandboxClaudeSettingsPath);
+
+    if (VERBOSE_OUTPUT) {
+      console.log('✅ Copied project Claude settings to sandbox');
+    }
+  }
+
+  // Batch fetch git identity settings for efficiency
+  const gitSettings = execSync(`git config --global --get user.name && git config --global --get user.email && git config --global --get color.ui`, {
+    stdio: 'pipe',
+    shell: true,
+    encoding: 'utf8'
+  }).trim().split('\n');
+
+  const [userName, userEmail, colorUi] = gitSettings;
+
+  // Batch configure git settings in sandbox
+  execSync(`git config user.name "${userName}" && git config user.email "${userEmail}" && git config color.ui "${colorUi}"`, {
+    cwd: workspaceDir,
+    stdio: 'pipe',
+    shell: true
+  });
+
+  // Configure Git remote to host for bidirectional synchronization
+  try {
+    execSync(`cd "${workspaceDir}" && git remote add host "${projectDir}"`, {
+      stdio: 'pipe',
+      shell: true
+    });
+
+    if (VERBOSE_OUTPUT) {
+      console.log('✅ Configured Git remote to host repository');
+    }
+  } catch (error) {
+    // Remote might already exist, try to update it
+    try {
+      execSync(`cd "${workspaceDir}" && git remote set-url host "${projectDir}"`, {
+        stdio: 'pipe',
+        shell: true
+      });
+
+      if (VERBOSE_OUTPUT) {
+        console.log('✅ Updated Git remote to host repository');
+      }
+    } catch (updateError) {
+      if (VERBOSE_OUTPUT) {
+        console.log('⚠️  Could not configure Git remote to host');
+      }
+    }
+  }
+
+  // Setup Claude settings in sandbox
+  const hostClaudeDir = join(homedir(), '.claude');
+  const sandboxClaudeDir = join(sandboxDir, '.claude');
+
+  // Always use bundled SandboxBox settings unless host settings are requested
+  if (!useHostSettings) {
+    // Create sandbox Claude directory and copy bundled settings
+    mkdirSync(sandboxClaudeDir, { recursive: true });
+
+    const bundledSettingsPath = join(resolve(fileURLToPath(import.meta.url), '..', '..'), 'sandboxbox-settings.json');
+    const sandboxSettingsPath = join(sandboxClaudeDir, 'settings.json');
+
+    // Copy bundled settings to sandbox
+    if (existsSync(bundledSettingsPath)) {
+      if (VERBOSE_OUTPUT) {
+        console.log(`🔍 Debug: Found bundled settings at ${bundledSettingsPath}`);
+      }
+      cpSync(bundledSettingsPath, sandboxSettingsPath);
+
+      // Also copy credentials from host if available
+      const hostCredentialsPath = join(hostClaudeDir, '.credentials.json');
+      if (existsSync(hostCredentialsPath)) {
+        cpSync(hostCredentialsPath, join(sandboxClaudeDir, '.credentials.json'));
+      }
+
+      if (VERBOSE_OUTPUT) {
+        console.log('✅ Using bundled SandboxBox settings with Git integration hooks and MCP servers');
+        // Show hook and MCP information
+        const settings = JSON.parse(readFileSync(bundledSettingsPath, 'utf8'));
+        if (settings.hooks) {
+          console.log('📋 Bundled hooks configured:');
+          Object.keys(settings.hooks).forEach(hookType => {
+            const hookCount = settings.hooks[hookType].length;
+            console.log(`   ${hookType}: ${hookCount} hook(s)`);
+            settings.hooks[hookType].forEach((hook, index) => {
+              const commandCount = hook.hooks ? hook.hooks.length : 0;
+              console.log(`     ${index + 1}. ${hook.matcher || '*'} (${commandCount} commands)`);
+            });
+          });
+        }
+        if (settings.mcpServers) {
+          console.log('🔧 MCP servers configured:');
+          Object.keys(settings.mcpServers).forEach(serverName => {
+            const server = settings.mcpServers[serverName];
+            console.log(`   ${serverName}: ${server.command} ${server.args.join(' ')}`);
+          });
+        }
+      }
+    } else {
+      if (VERBOSE_OUTPUT) {
+        console.log(`🔍 Debug: Bundled settings not found at ${bundledSettingsPath}`);
+      }
+    }
+  }
+
+  // Optimize cache directory handling - use symlinks instead of copying
+  const hostCacheDir = join(homedir(), '.cache');
+  if (existsSync(hostCacheDir)) {
+    const sandboxCacheDir = join(sandboxDir, '.cache');
+    mkdirSync(sandboxCacheDir, { recursive: true });
+
+    // Create symlink to ms-playwright cache instead of copying (major performance improvement)
+    const playwrightCacheDir = join(hostCacheDir, 'ms-playwright');
+    if (existsSync(playwrightCacheDir)) {
+      const sandboxPlaywrightDir = join(sandboxCacheDir, 'ms-playwright');
+      try {
+        symlinkSync(playwrightCacheDir, sandboxPlaywrightDir, 'dir');
+      } catch (error) {
+        // Fallback to copying only if symlink fails
+        cpSync(playwrightCacheDir, sandboxPlaywrightDir, { recursive: true });
+      }
+    }
+  }
+
+  const cleanup = () => {
+    // Close any log files that might be open
+    if (global.logFileHandle) {
+      try {
+        appendFileSync(global.logFileHandle, `\n# Session ended: ${new Date().toISOString()}\n`);
+        global.logFileHandle = null;
+      } catch (error) {
+        // Don't fail on log cleanup
+      }
+    }
+    rmSync(sandboxDir, { recursive: true, force: true });
+  };
+
+  return { sandboxDir, cleanup };
+}
+
+export function createSandboxEnv(sandboxDir, options = {}) {
+  const sandboxClaudeDir = join(sandboxDir, '.claude');
+  const sandboxCacheDir = join(sandboxDir, '.cache');
+
+  // Start with all process environment variables
+  const env = {
+    ...process.env,
+  };
+
+  // IMPORTANT: Set HOME to sandbox directory for Claude to find settings
+  // but preserve access to host credentials via symlink
+  env.HOME = sandboxDir;
+  env.USERPROFILE = sandboxDir;
+
+  // Set XDG paths to use sandbox Claude directory
+  env.XDG_CONFIG_HOME = sandboxClaudeDir;
+  env.XDG_DATA_HOME = join(sandboxClaudeDir, '.local', 'share');
+  env.XDG_CACHE_HOME = sandboxCacheDir;
+  env.TMPDIR = join(sandboxDir, 'tmp');
+  env.TEMP = join(sandboxDir, 'tmp');
+  env.TMP = join(sandboxDir, 'tmp');
+  env.PLAYWRIGHT_BROWSERS_PATH = join(sandboxDir, 'browsers');
+  env.PLAYWRIGHT_STORAGE_STATE = join(sandboxDir, '.playwright', 'storage-state.json');
+  if (process.env.CLAUDE_CODE_ENTRYPOINT) {
+    env.CLAUDE_CODE_ENTRYPOINT = process.env.CLAUDE_CODE_ENTRYPOINT;
+  }
+
+  // Ensure TERM is set with fallback
+  env.TERM = process.env.TERM || 'xterm-256color';
+
+  // Apply any additional options
+  Object.assign(env, options);
+
+  return env;
+}
+
+export function runInSandbox(commandStr, args, sandboxDir, env) {
+  return new Promise((resolve, reject) => {
+    const fullCommand = args.length > 0 ? `${commandStr} ${args.join(' ')}` : commandStr;
+
+    const proc = spawn(fullCommand, [], {
+      cwd: join(sandboxDir, 'workspace'),
+      env,
+      stdio: 'inherit',
+      shell: true,
+      windowsHide: false
+    });
+
+    proc.on('close', (code) => {
+      if (code === 0) {
+        resolve();
+      } else {
+        reject(new Error(`Process exited with code ${code}`));
+      }
+    });
+
+    proc.on('error', reject);
+  });
+}

package/package/package/utils/system-optimizer.js

@@ -0,0 +1,231 @@
+import { execSync } from 'child_process';
+import { existsSync, writeFileSync } from 'fs';
+import { join } from 'path';
+
+export class SystemOptimizer {
+  constructor() {
+    this.hasSudo = this.checkSudoAccess();
+  }
+
+  checkSudoAccess() {
+    try {
+      execSync('sudo -n true', { stdio: 'pipe' });
+      return true;
+    } catch (e) {
+      return false;
+    }
+  }
+
+  // Optimize system for Claude Code performance
+  async optimizeSystem() {
+    if (!this.hasSudo) {
+      return false;
+    }
+
+    const optimizations = [
+      this.optimizeKernelParameters(),
+      this.optimizeNetworkStack(),
+      this.preloadCommonLibraries(),
+      this.optimizeFilesystem(),
+      this.setupClaudeService()
+    ];
+
+    const results = await Promise.allSettled(optimizations);
+    const successCount = results.filter(r => r.status === 'fulfilled').length;
+
+    return successCount > 0;
+  }
+
+  // Optimize kernel parameters for faster process spawning
+  async optimizeKernelParameters() {
+    if (!this.hasSudo) return false;
+
+    try {
+      const kernelTweaks = [
+        'sysctl -w vm.overcommit_memory=1',           // Allow memory overcommit
+        'sysctl -w kernel.sched_min_granularity_ns=1000000',  // Faster task scheduling
+        'sysctl -w fs.file-max=1048576',             // Increase file descriptor limit
+        'sysctl -w net.core.somaxconn=65535',        // Increase connection backlog
+        'sysctl -w net.ipv4.tcp_fin_timeout=15',     // Faster TCP connection cleanup
+        'sysctl -w net.ipv4.tcp_keepalive_time=600',  // Reduce keepalive timeout
+        'sysctl -w vm.swappiness=10'                 // Reduce swapping
+      ];
+
+      for (const tweak of kernelTweaks) {
+        execSync(`sudo ${tweak}`, { stdio: 'pipe' });
+      }
+
+      return true;
+    } catch (error) {
+      // Silently skip optimization if it fails
+      return false;
+    }
+  }
+
+  // Preload Claude and plugin dependencies
+  async preloadCommonLibraries() {
+    if (!this.hasSudo) return false;
+
+    try {
+      // Create a preload script for common Node.js and Claude dependencies
+      const preloadScript = `
+# Preload common libraries for faster Claude startup
+echo "Preloading Claude dependencies..."
+
+# Common Node.js modules
+export NODE_PATH="/usr/lib/node_modules:$NODE_PATH"
+
+# Preload essential binaries
+which npx >/dev/null && npx --version >/dev/null 2>&1 &
+which node >/dev/null && node --version >/dev/null 2>&1 &
+
+# Wait for preloads to complete
+wait
+
+echo "Preloading complete"
+`;
+
+      const preloadPath = '/tmp/claude-preload.sh';
+      writeFileSync(preloadPath, preloadScript);
+      execSync(`chmod +x ${preloadPath}`, { stdio: 'pipe' });
+
+      // Execute preload script with elevated privileges if needed
+      execSync(preloadPath, { stdio: 'pipe' });
+
+      return true;
+    } catch (error) {
+      // Silently skip optimization if it fails
+      return false;
+    }
+  }
+
+  // Optimize filesystem for faster access
+  async optimizeFilesystem() {
+    if (!this.hasSudo) return false;
+
+    try {
+      // Optimize tmpfs for faster temporary operations
+      const tmpfsOptimizations = [
+        'mount -t tmpfs -o size=1G tmpfs /tmp/claude-cache 2>/dev/null || true',
+        'mkdir -p /tmp/claude-cache /tmp/claude-plugins',
+        'chmod 777 /tmp/claude-cache /tmp/claude-plugins'
+      ];
+
+      for (const opt of tmpfsOptimizations) {
+        execSync(`sudo ${opt}`, { stdio: 'pipe' });
+      }
+
+      return true;
+    } catch (error) {
+      // Silently skip optimization if it fails
+      return false;
+    }
+  }
+
+  // Setup Claude as a pre-warmed service
+  async setupClaudeService() {
+    if (!this.hasSudo) return false;
+
+    try {
+      const serviceConfig = `[Unit]
+Description=Claude Code Pre-warm Service
+After=network.target
+
+[Service]
+Type=forking
+User=root
+ExecStart=/usr/local/bin/claude-prewarm.sh
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+`;
+
+      const prewarmScript = `#!/bin/bash
+# Claude Code pre-warming service
+echo "Starting Claude pre-warm service..."
+
+# Create necessary directories
+mkdir -p /tmp/claude-cache /tmp/claude-plugins /tmp/claude-sessions
+
+# Pre-warm Node.js runtime
+timeout 10s node --version >/dev/null 2>&1 &
+
+# Pre-warm NPX
+timeout 10s npx --version >/dev/null 2>&1 &
+
+# Pre-warm common plugins if available
+timeout 5s npx -y glootie-cc@anentrypoint-plugins --help >/dev/null 2>&1 &
+
+echo "Claude pre-warm service ready"
+`;
+
+      // Write service file
+      execSync('echo "' + serviceConfig.replace(/"/g, '\\"') + '" | sudo tee /etc/systemd/system/claude-prewarm.service', { stdio: 'pipe' });
+
+      // Write prewarm script
+      execSync('echo "' + prewarmScript.replace(/"/g, '\\"') + '" | sudo tee /usr/local/bin/claude-prewarm.sh', { stdio: 'pipe' });
+      execSync('sudo chmod +x /usr/local/bin/claude-prewarm.sh', { stdio: 'pipe' });
+
+      // Enable and start service
+      execSync('sudo systemctl daemon-reload', { stdio: 'pipe' });
+      execSync('sudo systemctl enable claude-prewarm.service', { stdio: 'pipe' });
+      execSync('sudo systemctl start claude-prewarm.service', { stdio: 'pipe' });
+
+      return true;
+    } catch (error) {
+      // Silently skip optimization if it fails
+      return false;
+    }
+  }
+
+  // Optimize network stack for faster plugin communication
+  async optimizeNetworkStack() {
+    if (!this.hasSudo) return false;
+
+    try {
+      const networkOptimizations = [
+        'sysctl -w net.core.rmem_max=134217728',      // Increase receive buffer
+        'sysctl -w net.core.wmem_max=134217728',      // Increase send buffer
+        'sysctl -w net.ipv4.tcp_rmem="4096 65536 134217728"',  // TCP receive buffer
+        'sysctl -w net.ipv4.tcp_wmem="4096 65536 134217728"',  // TCP send buffer
+        'sysctl -w net.ipv4.tcp_congestion_control=bbr'  // Use BBR congestion control
+      ];
+
+      for (const opt of networkOptimizations) {
+        execSync(`sudo ${opt}`, { stdio: 'pipe' });
+      }
+
+      return true;
+    } catch (error) {
+      // Silently skip optimization if it fails
+      return false;
+    }
+  }
+
+  // Create optimized container environment
+  createOptimizedContainerEnv() {
+    return {
+      // System optimizations
+      'NODE_OPTIONS': '--max-old-space-size=4096 --no-experimental-fetch',
+      'CLAUDE_OPTIMIZED': '1',
+      'CLAUDE_CACHE_DIR': '/tmp/claude-cache',
+      'CLAUDE_PLUGIN_DIR': '/tmp/claude-plugins',
+
+      // Performance tuning
+      'UV_THREADPOOL_SIZE': '16',
+      'NODEUV_THREADPOOL_SIZE': '16',
+
+      // Fast startup flags
+      'CLAUDE_FAST_INIT': '1',
+      'CLAUDE_SKIP_WELCOME': '1',
+      'CLAUDE_MINIMAL_PLUGINS': '1',
+
+      // Timeout optimizations
+      'MCP_TIMEOUT': '3000',
+      'MCP_CONNECT_TIMEOUT': '2000',
+      'CLAUDE_PLUGIN_TIMEOUT': '5000'
+    };
+  }
+}

package/package/package/utils/ui.js

@@ -0,0 +1,38 @@
+import { color } from './colors.js';
+
+export function showBanner() {
+  const VERBOSE_OUTPUT = process.env.SANDBOX_VERBOSE === 'true' || process.argv.includes('--verbose');
+  if (VERBOSE_OUTPUT) {
+    console.log(color('cyan', '📦 SandboxBox - Portable Container Runner'));
+    console.log(color('cyan', '═════════════════════════════════════════════════'));
+    console.log('');
+  }
+}
+
+export function showHelp() {
+  console.log(color('yellow', 'Usage:'));
+  console.log('  npx sandboxbox <command> [options]');
+  console.log('');
+  console.log(color('yellow', 'Commands:'));
+  console.log('  build [dockerfile]            Build container from Dockerfile');
+  console.log('  run <project-dir> [cmd]       Run project in container');
+  console.log('  shell <project-dir>           Start interactive shell');
+  console.log('  claude <project-dir> [prompt] [--host] [--headless]  Start Claude Code with Git integration');
+  console.log('  version                       Show version information');
+  console.log('');
+  console.log(color('yellow', 'Claude Command Options:'));
+  console.log('  --host                        Use host Claude settings instead of bundled');
+  console.log('  --headless                    Configure headless Playwright MCP (runs before Claude)');
+  console.log('');
+  console.log(color('yellow', 'Examples:'));
+  console.log('  npx sandboxbox build');
+  console.log('  npx sandboxbox claude ./my-project');
+  console.log('  npx sandboxbox run ./my-project "npm test"');
+  console.log('  npx sandboxbox shell ./my-project');
+  console.log('');
+  console.log(color('yellow', 'Requirements:'));
+  console.log('  - Docker/Podman runtime');
+  console.log('  - Works on Windows, macOS, and Linux!');
+  console.log('');
+  console.log(color('magenta', '🚀 Fast startup • True isolation • Claude Code integration'));
+}

package/package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sandboxbox",
-  "version": "3.0.46",
+  "version": "3.0.48",
   "description": "Lightweight process containment sandbox for CLI tools - Playwright, Claude Code, and more. Pure Node.js, no dependencies.",
   "type": "module",
   "main": "cli.js",

package/package/utils/commands/claude.js

@@ -3,7 +3,8 @@ import { resolve, join } from 'path';
 import { spawn, execSync } from 'child_process';
 import { color } from '../colors.js';
 import { createSandbox, createSandboxEnv } from '../sandbox.js';
-import { ClaudeOptimizer } from '../claude-optimizer.js';
+// ClaudeOptimizer disabled to preserve bundled hooks
+// import { ClaudeOptimizer } from '../claude-optimizer.js';
 import { SystemOptimizer } from '../system-optimizer.js';
 
 const ALLOWED_TOOLS = [
@@ -253,10 +254,10 @@ export async function claudeCommand(projectDir, prompt, flags = {}) {
     const envStartTime = Date.now();
     if (VERBOSE_OUTPUT) console.log(color('cyan', '⏱️  Stage 2: Setting up environment...'));
 
-    // Apply Claude optimizations
-    const claudeOptimizer = new ClaudeOptimizer(sandboxDir);
-    claudeOptimizer.optimizeSettings();
-    await claudeOptimizer.prewarmPlugins();
+    // Apply Claude optimizations (disabled to preserve bundled hooks)
+    // const claudeOptimizer = new ClaudeOptimizer(sandboxDir);
+    // claudeOptimizer.optimizeSettings();
+    // await claudeOptimizer.prewarmPlugins();
 
     // Apply system optimizations (with sudo access)
     const systemOptimizer = new SystemOptimizer();
@@ -269,7 +270,7 @@ export async function claudeCommand(projectDir, prompt, flags = {}) {
 
     const env = systemOptimizationsApplied
       ? { ...baseEnv, ...systemOptimizer.createOptimizedContainerEnv() }
-      : claudeOptimizer.createOptimizedEnv(baseEnv);
+      : baseEnv; // Use base environment when optimizer is disabled
 
     const envCreateTime = Date.now() - envStartTime;
     if (VERBOSE_OUTPUT) console.log(color('green', `✅ Environment configured in ${envCreateTime}ms`));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sandboxbox",
-  "version": "3.0.48",
+  "version": "3.0.49",
   "description": "Lightweight process containment sandbox for CLI tools - Playwright, Claude Code, and more. Pure Node.js, no dependencies.",
   "type": "module",
   "main": "cli.js",