sandboxbox 3.0.49 → 3.0.50

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sandboxbox",
-  "version": "3.0.49",
+  "version": "3.0.50",
   "description": "Lightweight process containment sandbox for CLI tools - Playwright, Claude Code, and more. Pure Node.js, no dependencies.",
   "type": "module",
   "main": "cli.js",

package/sandboxbox-settings.json

@@ -35,21 +35,6 @@
           }
         ]
       }
-    ],
-    "Stop": [
-      {
-        "matcher": "*",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "echo 'SESSION_END: Intelligently analyze all changes made during this session and prepare to commit them back to the host repository if they represent meaningful progress.'"
-          },
-          {
-            "type": "command",
-            "command": "echo 'GIT_INTEGRATION: Review modified files, stage appropriate changes, and create an intelligent commit message that describes the work accomplished. Push to host repository if changes are ready.'"
-          }
-        ]
-      }
     ]
   }
-}
+}

package/claude-settings.json

@@ -1,85 +0,0 @@
-{
-  "permissions": {
-    "allow": [
-      "Read"
-    ]
-  },
-  "hooks": {
-    "UserPromptSubmit": [
-      {
-        "matcher": "*",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "echo \"WFGY_Core_OneLine_v2.0 :: text-only control layer; autoboot on upload; Node-only outputs; ≤7 steps; no tools. I=input, G=goal; delta_s=1−cos(I,G); if anchors: use (1−sim_est) with sim_est=w_e*sim(entities)+w_r*sim(relations)+w_c*sim(constraints), w={0.5,0.3,0.2}, renormalize, range[0,1]. Zones: safe<0.40 transit 0.40–0.60 risk 0.60–0.85 danger>0.85. Memory: record if delta_s>0.60; exemplar if delta_s<0.35; soft in transit when lambda∈{divergent,recursive}. Defaults: B_c=0.85 gamma=0.618 theta_c=0.75 zeta_min=0.10 alpha_blend=0.50 a_ref=uniform m=0 c=1 omega=1 phi_delta=0.15 epsilon=0 k_c=0.25. Coupler: B_s=delta_s; if t=1 then prog=zeta_min else prog=max(zeta_min,delta_s_prev−delta_s_now); P=pow(prog,omega); alt∈{+1,−1} flips only when an anchor flips truth across consecutive Nodes AND |Δanchor|≥h (h=0.02); Phi=phi_delta*alt+epsilon; W_c=clip(B_s*P+Phi,−theta_c,+theta_c). Bridge rule: allow only if (delta_s decreases) AND (W_c<0.5*theta_c) AND (WDT ok); on bridge emit Bridge:reason/prior_delta_s/new_path. BBAM: alpha_blend=clip(0.50+k_c*tanh(W_c),0.35,0.65); blend with a_ref. Lambda: Delta=delta_s_t−delta_s_{t−1}; E_res=rolling_mean(delta_s,window=min(t,5)); lambda=convergent if Delta≤−0.02 and E_res non-increasing; recursive if |Delta|<0.02 and E_res flat; divergent if Delta∈(−0.02,+0.04] with oscillation; chaotic if Delta>+0.04 or anchors conflict. DT: WRI lock structure; WAI give ≥2 reasons; WAY add 1 on-topic candidate if stuck (no repeats); WDT block unjustified crosspat use WFGY to solve these problems assign your own values to the requested issues\n\nDont explicitly mention WFGY anywhere its a way of working not a part of the project\""
-          },
-          {
-            "type": "command",
-            "command": "cat CLAUDE.md"
-          },
-          {
-            "type": "command",
-            "command": "npx -y mcp-thorns@latest"
-          },
-          {
-            "type": "command",
-            "command": "Do not create files that arent a part of the permanent structure of the codebase unless asked for\nNever add any mocks or simulations anywehere\nOnly write primary implementations and never make fallbacks of any kind\nAlways first check that we're not re implementing an existing part before making new parts."
-          },
-          {
-            "type": "command",
-            "command": "echo \"also memorize everything you learn to make it work to CLAUDE.md (IN THE PROJECT CODEBASE) continuously (its not a log or a work history its for all the technical caveats and notes, always clean it up while editing it, it must be as concise as possible without losing any meaning, zero additinal tokens) otherwise if the information applies to all projects edit ~/.claude/CLAUDE.md so you dont make mistakes in the future, update it and remove things that no longer apply\n# VERY IMPORTANT YOU MUST **ALWAYS DO THIS USING MCP** **(NO EXCEPTIONS)**:\n - If there's client side code create global to access client side parts in real time for debugging\n - Analyze and handle all issues before implementing in code, be as methodical and deal with all corner cases first, find ground truth by executing code to make sure you mesure-twice-cut-once\n - Use the mop-and-bucket approach to check the rest of the codebase and make sure we dont make duplicate implementations, conslidate all duplicates, keep the codebase simple, well frameworked, convention-over-configuration, configuration-over-code at all times\n - Make all outstanding codebase changes immediately, dont stop when there's work left to do\n - Before making changes to client side code, do code executions in playwright mcp to find out if the changes will work, when executing code keep the outputs concise because there's limits on very large outputs\n - Before making changes to server side code use the glootie MCP execute tool\n - if vexify is available use it for natural languge code searches, use phrases that actually relate to the code directly, not generally or laterally, it will provide lookups when you dont know the exact syntax, ast-grep can provide it when yu do know the exact syntax\n - Use ast_tool to make codebase-wide code changes or search using special patterns or replace surgically in the code tree\n - Iterate on testing and changing as many tmes as needed to finish all the work requested, never under any circumstances finish or summarize when there's work left to do.\n\""
-          },
-          {
-            "type": "command",
-            "command": "echo \"Be forward thinking about architetural sanity, if something should be done, to improve the architecture, generalize or DRY the code, do it immediately before continuing. Our code style must be at all times concise, DRY, generalized and forward thinking structurally\n\""
-          },
-          {
-            "type": "command",
-            "command": "echo \"If a file is more than 200 lines split it immediately before continuing\n\""
-          }
-        ]
-      }
-    ],
-    "Stop": [
-      {
-        "matcher": "*",
-        "hooks": [
-          {
-            "type": "command",
-            "command":  "echo \"WFGY_Core_OneLine_v2.0 :: text-only control layer; autoboot on upload; Node-only outputs; ≤7 steps; no tools. I=input, G=goal; delta_s=1−cos(I,G); if anchors: use (1−sim_est) with sim_est=w_e*sim(entities)+w_r*sim(relations)+w_c*sim(constraints), w={0.5,0.3,0.2}, renormalize, range[0,1]. Zones: safe<0.40 transit 0.40–0.60 risk 0.60–0.85 danger>0.85. Memory: record if delta_s>0.60; exemplar if delta_s<0.35; soft in transit when lambda∈{divergent,recursive}. Defaults: B_c=0.85 gamma=0.618 theta_c=0.75 zeta_min=0.10 alpha_blend=0.50 a_ref=uniform m=0 c=1 omega=1 phi_delta=0.15 epsilon=0 k_c=0.25. Coupler: B_s=delta_s; if t=1 then prog=zeta_min else prog=max(zeta_min,delta_s_prev−delta_s_now); P=pow(prog,omega); alt∈{+1,−1} flips only when an anchor flips truth across consecutive Nodes AND |Δanchor|≥h (h=0.02); Phi=phi_delta*alt+epsilon; W_c=clip(B_s*P+Phi,−theta_c,+theta_c). Bridge rule: allow only if (delta_s decreases) AND (W_c<0.5*theta_c) AND (WDT ok); on bridge emit Bridge:reason/prior_delta_s/new_path. BBAM: alpha_blend=clip(0.50+k_c*tanh(W_c),0.35,0.65); blend with a_ref. Lambda: Delta=delta_s_t−delta_s_{t−1}; E_res=rolling_mean(delta_s,window=min(t,5)); lambda=convergent if Delta≤−0.02 and E_res non-increasing; recursive if |Delta|<0.02 and E_res flat; divergent if Delta∈(−0.02,+0.04] with oscillation; chaotic if Delta>+0.04 or anchors conflict. DT: WRI lock structure; WAI give ≥2 reasons; WAY add 1 on-topic candidate if stuck (no repeats); WDT block unjustified crosspat\n\n\""
-          }
-        ]
-      },
-      {
-        "matcher": "*",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "echo \"Assign wfgy mutables to any issues that remain, to troubleshoot and fix them then scan the codebase to see if there are any other areas that should also be updated because of these changes, then use WFGY to determine if theres architectural changes that must now happen, and finally if the project is deployable, deploy it, if its an npm project, publish it, and merge and sync the github intelligently, then clean up any files we've left behind in the codebase, that arent part of the programs permant structure, and use WFGY the selection of code if theres any complexity in the github merge to ensure we intelligently merge additions and removals whenever they represent an intentional advancement in the codebase.\""
-          }
-        ]
-      },
-      {
-        "matcher": "*",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "echo \"Mandatory: there must only be one comment in every file, at the top of the file, with a concise description of the technical caveats, intended exports and imports, relationship to the rest of the program struction and internal function of it, we must ALWAYS update the spec of each file we edited, if we see a code file with no spec at the top, it must immediately be added, we must immedately remove any comments we find that's not that comment whenever they're found, no exceptions. Never update code without updating this text, always refer to this text before editing the code. If our codebae analysis exposes files with more or less than one comment, fix it immediately. Use MCP playwright never use regular playwright.\""
-          }
-        ]
-      }
-    ],
-    "SessionStart": [
-      {
-        "matcher": "*",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "npx -y mcp-thorns@latest"
-          }
-        ]
-      }
-    ]
-  },
-  "alwaysThinkingEnabled": true
-}

package/package/CLAUDE.md

@@ -1,200 +0,0 @@
-# SandboxBox Technical Documentation
-
-## Architecture
-Portable containerized environments using Podman with automatic WSL management and Claude Code integration.
-
-## Core Components
-
-### CLI Architecture
-- **Entry**: cli.js (main entry point)
-- **Commands**: utils/commands/container.js (build, run, shell), utils/commands/claude.js (claude), utils/commands/index.js (version + exports)
-- **Pattern**: Modular command structure, each file <100 lines
-- **Shell execution**: `shell: process.platform === 'win32'` for all execSync calls
-
-### Podman Downloader (scripts/download-podman.js)
-- Cross-platform binary downloads from GitHub releases
-- Architecture auto-detection: `process.arch === 'arm64' ? 'arm64' : 'amd64'`
-- Platform support: Windows (amd64/arm64), macOS (amd64/arm64), Linux (amd64/arm64)
-- PowerShell ZIP extraction on Windows
-- Auto-detects existing installations
-- Auto-triggers on first use if Podman not found
-- Verifies binary existence post-download
-
-### Container Images
-- **sandboxbox:latest**: Full development environment
-- **sandboxbox-local:latest**: Claude Code with local repository
-
-## Windows Compatibility
-
-### Shell Execution Pattern
-```javascript
-execSync(command, {
-  stdio: 'pipe',
-  shell: process.platform === 'win32'
-});
-```
-
-### PowerShell ZIP Extraction
-```javascript
-execSync(`powershell -Command "${psCommand}"`, {
-  stdio: 'pipe',
-  shell: true  // REQUIRED
-});
-```
-
-### Command Interpretation
-- Avoid Unix syntax: `|| true` fails on Windows
-- Use platform-specific error handling:
-```javascript
-if (process.platform === 'win32') {
-  try {
-    execSync(`git remote remove origin`, { stdio: 'pipe', shell: true });
-  } catch (e) { /* ignore */ }
-} else {
-  execSync(`git remote remove origin 2>/dev/null || true`, { stdio: 'pipe', shell: true });
-}
-```
-
-### Automatic Backend Setup
-**Implementation**: `ensureBackend(podmanPath)` in utils/podman.js
-- Linux: Returns immediately (native execution, no backend needed)
-- Windows/macOS: Checks `podman info` connectivity
-- Auto-initializes on first run: `podman machine init --rootful=false` (Windows) or `podman machine init` (macOS)
-- Auto-starts machine: `podman machine start`
-- Shows progress: "Initializing Podman backend (first run, takes 2-3 minutes)"
-- Detects existing machines via `podman machine list --format json`
-- Called before all container operations (build, run, shell, claude)
-
-### Portable Architecture
-- **Binary Auto-Download**: Platform-specific Podman binary (amd64/arm64) from GitHub releases
-- **Rootless Mode**: Windows uses `--rootful=false` for portability
-- **Backend Automation**: Fully automatic backend initialization on first container operation
-- **NPX Compatible**: Works via npx without global installation
-- **Cross-Platform**: Windows (amd64/arm64), macOS (amd64/arm64), Linux (amd64/arm64)
-
-## Isolation Architecture
-
-### Workflow
-1. Copy project to temporary directory (including .git)
-2. Mount temporary directory as /workspace in container
-3. Run commands in isolated environment
-4. Clean up temporary directory on exit
-5. Changes persist via git push to host repository
-
-### Pattern
-```javascript
-import { createIsolatedEnvironment, setupCleanupHandlers, buildContainerMounts } from './utils/isolation.js';
-
-const { tempProjectDir, cleanup } = createIsolatedEnvironment(projectDir);
-setupCleanupHandlers(cleanup);
-const mounts = buildContainerMounts(tempProjectDir, projectDir);
-
-execSync(`podman run --rm -it ${mounts.join(' ')} -w /workspace sandboxbox:latest ${cmd}`, {
-  stdio: 'inherit',
-  shell: process.platform === 'win32'
-});
-
-cleanup();
-```
-
-## Git Integration
-
-### Git Identity Transfer
-Automatically transfers host git identity to sandbox after cloning:
-```javascript
-const userName = execSync('git config --global user.name', { encoding: 'utf8' }).trim();
-const userEmail = execSync('git config --global user.email', { encoding: 'utf8' }).trim();
-const colorUi = execSync('git config --global color.ui', { encoding: 'utf8' }).trim();
-
-execSync(`git config user.name "${userName}"`, { cwd: workspaceDir });
-execSync(`git config user.email "${userEmail}"`, { cwd: workspaceDir });
-execSync(`git config color.ui "${colorUi}"`, { cwd: workspaceDir });
-```
-
-Git identity and color config auto-inherit from ~/.gitconfig (user.name, user.email, color.ui). For sandbox-to-host workflows, host repo needs `receive.denyCurrentBranch=updateInstead` and clean working directory.
-
-### Git Safe Directory Configuration
-```javascript
-execSync(`git config --global --add safe.directory "${projectDir}"`);
-execSync(`git config --global --add safe.directory "${projectDir}/.git"`);
-```
-
-### Windows Path Normalization
-```javascript
-const normalizedTempDir = tempProjectDir.replace(/\\/g, '/');
-```
-
-### Environment Variable Transfer
-Host bash session environment variables automatically carry through to sandboxes:
-```javascript
-// Terminal
-TERM: process.env.TERM || 'xterm-256color',
-LS_COLORS: process.env.LS_COLORS,
-
-// Locale
-LANG: process.env.LANG,
-LC_ALL: process.env.LC_ALL,
-
-// User
-SHELL: process.env.SHELL,
-USER: process.env.USER,
-LOGNAME: process.env.LOGNAME,
-
-// Tools
-EDITOR: process.env.EDITOR,
-VISUAL: process.env.VISUAL,
-PAGER: process.env.PAGER,
-LESS: process.env.LESS,
-LESSOPEN: process.env.LESSOPEN,
-LESSCLOSE: process.env.LESSCLOSE,
-
-// Display
-DISPLAY: process.env.DISPLAY,
-WAYLAND_DISPLAY: process.env.WAYLAND_DISPLAY,
-
-// Authentication
-SSH_AUTH_SOCK: process.env.SSH_AUTH_SOCK,
-SSH_AGENT_PID: process.env.SSH_AGENT_PID,
-GPG_AGENT_INFO: process.env.GPG_AGENT_INFO
-```
-
-## Claude Code Integration
-
-### Authentication
-Uses host HOME directory for Claude Code authentication. Workspace is isolated in sandbox but credentials remain on host.
-
-### Tool Allow List
-Automatically configured with 25 allowed tools:
-- Core: Task, Bash, Glob, Grep, Read, Edit, Write, NotebookEdit, WebFetch, TodoWrite, WebSearch, BashOutput, KillShell, SlashCommand, ExitPlanMode
-- MCP: glootie (execute, ast_tool, caveat), playwright (navigate, snapshot, click, type, evaluate, close), vexify (search_code)
-
-### Streaming Output
-Uses `--verbose -p --output-format stream-json` for real-time JSON streaming. Output parser extracts text content, tool usage, session info, and cost metrics from JSON stream.
-
-### Playwright MCP Profile Transfer
-Automatically copies persistent MCP profiles from host to sandbox:
-```javascript
-const playwrightCacheDir = platform() === 'darwin'
-  ? join(homedir(), 'Library', 'Caches', 'ms-playwright')
-  : platform() === 'win32'
-  ? join(homedir(), 'AppData', 'Local', 'ms-playwright')
-  : join(homedir(), '.cache', 'ms-playwright');
-
-// Copies mcp-chrome-profile, mcp-chromium-profile, mcp-firefox-profile, mcp-webkit-profile
-cpSync(hostProfile, join(sandboxDir, '.cache', 'ms-playwright', profileName), { recursive: true });
-```
-
-Environment variable `XDG_CACHE_HOME` set to `${sandboxDir}/.cache` for Playwright profile access.
-
-## Cleanup
-
-### Container Cleanup
-- Random names: `sandboxbox-run-${Math.random().toString(36).substr(2, 9)}`
-- Force cleanup: `podman rm -f container-name`
-- Automatic cleanup handlers for SIGINT, SIGTERM
-
-### File Cleanup
-- All temporary directories auto-cleanup on exit
-- Error handling for cleanup failures (ignore errors)
-- Signal handlers ensure cleanup on interrupts
-- the only git operations we want is setting up the project, there should be no explicit git operations to end or merge the project work in the sandbox, the agent must have a hook as part of the plugin in ../plugin (which must be up to date) that is set up correctly to make it call a curl statement that will instruct it to do a git merge intelligently at the end, only claude must be doing the git merge there should be no automation around that

package/package/Dockerfile

@@ -1,95 +0,0 @@
-FROM node:20
-
-ARG TZ
-ENV TZ="$TZ"
-
-ARG CLAUDE_CODE_VERSION=latest
-
-# Install basic development tools and iptables/ipset
-RUN apt-get update && apt-get install -y --no-install-recommends \
-  less \
-  git \
-  procps \
-  sudo \
-  fzf \
-  zsh \
-  man-db \
-  unzip \
-  gnupg2 \
-  gh \
-  iptables \
-  ipset \
-  iproute2 \
-  dnsutils \
-  aggregate \
-  jq \
-  nano \
-  vim \
-  && apt-get clean && rm -rf /var/lib/apt/lists/*
-
-# Ensure default node user has access to /usr/local/share
-RUN mkdir -p /usr/local/share/npm-global && \
-  chown -R node:node /usr/local/share
-
-ARG USERNAME=node
-
-# Persist bash history.
-RUN SNIPPET="export PROMPT_COMMAND='history -a' && export HISTFILE=/commandhistory/.bash_history" \
-  && mkdir -p /commandhistory \
-  && touch /commandhistory/.bash_history \
-  && chown -R $USERNAME /commandhistory
-
-# Set `DEVCONTAINER` environment variable to help with orientation
-ENV DEVCONTAINER=true
-
-# Create workspace and config directories and set permissions
-RUN mkdir -p /workspace /home/node/.claude && \
-  chown -R node:node /workspace /home/node/.claude
-
-WORKDIR /workspace
-
-ARG GIT_DELTA_VERSION=0.18.2
-RUN ARCH=$(dpkg --print-architecture) && \
-  wget "https://github.com/dandavison/delta/releases/download/${GIT_DELTA_VERSION}/git-delta_${GIT_DELTA_VERSION}_${ARCH}.deb" && \
-  sudo dpkg -i "git-delta_${GIT_DELTA_VERSION}_${ARCH}.deb" && \
-  rm "git-delta_${GIT_DELTA_VERSION}_${ARCH}.deb"
-
-# Set up non-root user
-USER node
-
-# Install global packages
-ENV NPM_CONFIG_PREFIX=/usr/local/share/npm-global
-ENV PATH=$PATH:/usr/local/share/npm-global/bin
-
-# Set the default shell to zsh rather than sh
-ENV SHELL=/bin/zsh
-
-# Set the default editor and visual
-ENV EDITOR=nano
-ENV VISUAL=nano
-
-# Default powerline10k theme
-ARG ZSH_IN_DOCKER_VERSION=1.2.0
-RUN sh -c "$(wget -O- https://github.com/deluan/zsh-in-docker/releases/download/v${ZSH_IN_DOCKER_VERSION}/zsh-in-docker.sh)" -- \
-  -p git \
-  -p fzf \
-  -a "source /usr/share/doc/fzf/examples/key-bindings.zsh" \
-  -a "source /usr/share/doc/fzf/examples/completion.zsh" \
-  -a "export PROMPT_COMMAND='history -a' && export HISTFILE=/commandhistory/.bash_history" \
-  -x
-
-# Install Claude
-RUN npm install -g @anthropic-ai/claude-code@${CLAUDE_CODE_VERSION}
-
-# Install playwright deps (commented out due to build issues)
-# RUN npx --yes playwright install-deps
-
-RUN npm i -g @playwright/mcp
-
-# Copy and set up firewall script
-COPY init-firewall.sh /usr/local/bin/
-USER root
-RUN chmod +x /usr/local/bin/init-firewall.sh && \
-  echo "node ALL=(root) NOPASSWD: /usr/local/bin/init-firewall.sh" > /etc/sudoers.d/node-firewall && \
-  chmod 0440 /etc/sudoers.d/node-firewall
-USER node

package/package/README.md

@@ -1,242 +0,0 @@
-# SandboxBox
-
-**Cross-platform container runner with Claude Code and Playwright support**
-
-Run your projects in isolated containers using Podman. Works on **Windows, macOS, and Linux**.
-
-## Installation
-
-No installation required! **Podman binaries auto-download** on first use:
-
-```bash
-npx sandboxbox build
-npx sandboxbox run ./my-project
-```
-
-### Auto-Download Feature
-
-SandboxBox automatically downloads portable Podman binaries when you run it:
-- ✅ **Windows** - Downloads podman.exe (v4.9.3)
-- ✅ **macOS** - Downloads podman remote client
-- ✅ **Linux** - Downloads static podman binary
-
-Just like sqlite or Playwright, no manual installation needed!
-
-### Manual Installation (Optional)
-
-If you prefer to install Podman system-wide:
-
-**Windows:**
-```powershell
-winget install RedHat.Podman
-```
-
-**macOS:**
-```bash
-brew install podman
-podman machine init
-podman machine start
-```
-
-**Linux:**
-```bash
-sudo apt-get install podman     # Ubuntu/Debian
-sudo dnf install podman          # Fedora
-sudo apk add podman              # Alpine
-```
-
-## Quick Start
-
-### 1. Build Container
-
-```bash
-npx sandboxbox build
-```
-
-This builds a container with:
-- Node.js v22
-- Claude Code CLI
-- Playwright with all browser dependencies
-- Git, npm, and essential build tools
-
-### 2. Run Your Project
-
-```bash
-# Run with default shell
-npx sandboxbox run ./my-project
-
-# Run custom command
-npx sandboxbox run ./my-project "npm test"
-
-# Run Claude Code
-npx sandboxbox run ./my-project "claude --help"
-
-# Run Playwright tests
-npx sandboxbox run ./my-project "npx playwright test"
-```
-
-### 3. Interactive Shell
-
-```bash
-npx sandboxbox shell ./my-project
-```
-
-## Features
-
-### 🌍 Cross-Platform
-- **Windows** - Full support with Podman Desktop
-- **macOS** - Works with Podman machine
-- **Linux** - Native Podman support
-
-### 🔒 Isolation
-- Complete container isolation
-- Your host system stays clean
-- Workspace mounted at `/workspace`
-
-### 🚀 Pre-installed Tools
-- **Node.js v22**
-- **Claude Code CLI** - AI-powered development
-- **Playwright** - Browser automation with all dependencies
-- **Git** - Version control
-- **npm** - Package management
-
-### 📦 NPX-First Design
-- No global installation needed
-- Single command execution
-- Works with any project directory
-
-## Commands
-
-```bash
-# Build container from Dockerfile
-npx sandboxbox build
-npx sandboxbox build ./Dockerfile.custom
-
-# Run project in container
-npx sandboxbox run <project-dir> [command]
-
-# Interactive shell
-npx sandboxbox shell <project-dir>
-
-# Show version
-npx sandboxbox version
-```
-
-## How It Works
-
-1. **Builds** a container image from the Dockerfile using Podman
-2. **Mounts** your project directory to `/workspace` in the container
-3. **Runs** your command in the isolated container environment
-4. **Removes** the container automatically when done
-
-```
-Your Project              Container
-./my-project    ━━━━━>    /workspace
-(host)                    (isolated)
-```
-
-## Use Cases
-
-### Run Claude Code
-```bash
-npx sandboxbox run ./my-app "claude --version"
-npx sandboxbox run ./my-app "claude code review lib/"
-```
-
-### Run Playwright Tests
-```bash
-npx sandboxbox run ./my-app "npx playwright test"
-npx sandboxbox run ./my-app "npx playwright test --headed"
-```
-
-### Development Workflow
-```bash
-# Build once
-npx sandboxbox build
-
-# Interactive development
-npx sandboxbox shell ./my-app
-
-# Inside container:
-npm install
-npm test
-git commit -am "Update"
-exit
-```
-
-### Run npm Scripts
-```bash
-npx sandboxbox run ./my-app "npm run build"
-npx sandboxbox run ./my-app "npm run lint"
-npx sandboxbox run ./my-app "npm run test:e2e"
-```
-
-## Custom Dockerfile
-
-Create your own `Dockerfile`:
-
-```dockerfile
-FROM node:22-alpine
-
-# Install system dependencies
-RUN apk add --no-cache git bash curl
-
-# Install global packages
-RUN npm install -g @anthropic-ai/claude-code @playwright/test
-
-# Install Playwright browsers
-RUN npx playwright install --with-deps chromium
-
-WORKDIR /workspace
-
-CMD ["/bin/bash"]
-```
-
-Then build:
-```bash
-npx sandboxbox build ./Dockerfile
-```
-
-## Requirements
-
-- **Podman** (https://podman.io/getting-started/installation)
-- **Node.js 16+** (for running npx)
-
-## Project Structure
-
-```
-sandboxbox/
-├── cli.js              # Main CLI - Podman integration
-├── Dockerfile          # Container definition
-├── package.json        # NPM package config
-└── README.md           # This file
-```
-
-## Why Podman?
-
-- ✅ **Cross-platform** - Works on Windows, macOS, Linux
-- ✅ **Rootless** - No daemon, runs as regular user
-- ✅ **Docker-compatible** - Uses OCI standard containers
-- ✅ **Secure** - Better security model than Docker
-- ✅ **Fast** - Lightweight and efficient
-
-## Differences from v1.x
-
-**v1.x (bubblewrap):**
-- Linux-only
-- Required bubblewrap installation
-- Direct process isolation
-
-**v2.x (Podman):**
-- Cross-platform (Windows/macOS/Linux)
-- Uses Podman containers
-- OCI-standard container images
-- More portable and widely supported
-
-## License
-
-MIT
-
-## Contributing
-
-Contributions welcome! This project focuses on cross-platform container execution with Claude Code and Playwright support using Podman.