sandboxbox 3.0.9 → 3.0.11

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sandboxbox",
-  "version": "3.0.9",
+  "version": "3.0.11",
   "description": "Lightweight process containment sandbox for CLI tools - Playwright, Claude Code, and more. Pure Node.js, no dependencies.",
   "type": "module",
   "main": "cli.js",

package/utils/claude-optimizer.js

@@ -0,0 +1,145 @@
+import { existsSync, mkdirSync, writeFileSync } from 'fs';
+import { join, dirname } from 'path';
+
+export class ClaudeOptimizer {
+  constructor(sandboxDir) {
+    this.sandboxDir = sandboxDir;
+    this.claudeDir = join(sandboxDir, '.claude');
+  }
+
+  // Optimize Claude settings for faster startup
+  optimizeSettings() {
+    const settingsPath = join(this.claudeDir, 'settings.json');
+
+    // Load existing settings or create optimized defaults
+    let settings = {};
+    if (existsSync(settingsPath)) {
+      try {
+        settings = JSON.parse(require('fs').readFileSync(settingsPath, 'utf8'));
+      } catch (e) {
+        console.log('⚠️  Could not read existing settings, creating optimized defaults');
+      }
+    }
+
+    // Apply startup optimizations
+    const optimizedSettings = {
+      ...settings,
+      // Reduce plugin timeouts
+      pluginTimeout: 5000,
+      // Disable unnecessary features for faster startup
+      alwaysThinkingEnabled: false,
+      // Optimize plugin loading
+      enabledPlugins: {
+        ...settings.enabledPlugins,
+        // Only enable essential plugins for performance
+        'glootie-cc@anentrypoint-plugins': true
+      },
+      // Add performance-focused hooks
+      hooks: {
+        ...(settings.hooks || {}),
+        SessionStart: [
+          {
+            matcher: "*",
+            hooks: [
+              {
+                type: "command",
+                command: "echo 'Claude optimized session started'"
+              }
+            ]
+          }
+        ]
+      }
+    };
+
+    // Ensure directory exists
+    mkdirSync(dirname(settingsPath), { recursive: true });
+
+    // Write optimized settings
+    writeFileSync(settingsPath, JSON.stringify(optimizedSettings, null, 2));
+    console.log('✅ Applied Claude startup optimizations');
+
+    return optimizedSettings;
+  }
+
+  // Pre-warm plugin connections
+  async prewarmPlugins() {
+    console.log('🔥 Pre-warming Claude plugins...');
+
+    const prewarmScript = `
+# Pre-warm script for Claude plugins
+echo "Pre-warming plugin connections..."
+
+# Set environment for faster plugin discovery
+export NODE_OPTIONS="--max-old-space-size=2048"
+export CLAUDE_PLUGIN_TIMEOUT=5000
+
+# Pre-warm glootie plugin
+if command -v npx >/dev/null 2>&1; then
+  timeout 3s npx -y glootie-cc@anentrypoint-plugins --version >/dev/null 2>&1 &
+fi
+
+echo "Plugin pre-warming complete"
+`;
+
+    const scriptPath = join(this.sandboxDir, '.claude', 'prewarm.sh');
+    writeFileSync(scriptPath, prewarmScript);
+
+    return scriptPath;
+  }
+
+  // Create optimized environment for Claude
+  createOptimizedEnv(baseEnv = {}) {
+    return {
+      ...baseEnv,
+      // Performance optimizations
+      NODE_OPTIONS: "--max-old-space-size=2048",
+      CLAUDE_PLUGIN_TIMEOUT: "5000",
+      CLAUDE_CACHE_DIR: join(this.sandboxDir, '.cache', 'claude'),
+      // Network optimizations
+      NODE_TLS_REJECT_UNAUTHORIZED: "0",
+      // Plugin optimizations
+      MCP_TIMEOUT: "5000",
+      MCP_CONNECTION_TIMEOUT: "3000",
+      // Fast startup flags
+      CLAUDE_FAST_STARTUP: "1",
+      CLAUDE_MINIMAL_MODE: "1"
+    };
+  }
+
+  // Generate startup timing profile
+  async profileStartup(claudeCommand) {
+    console.log('📊 Profiling Claude startup...');
+
+    const profileScript = `
+#!/bin/bash
+echo "Starting Claude startup profile..."
+start_time=$(date +%s%3N)
+
+# Run Claude with timing
+timeout 30s ${claudeCommand} --help >/dev/null 2>&1 &
+claude_pid=$!
+
+# Monitor startup progress
+while kill -0 $claude_pid 2>/dev/null; do
+  current_time=$(date +%s%3N)
+  elapsed=$((current_time - start_time))
+
+  if [ $elapsed -gt 10000 ]; then
+    echo "⚠️  Startup taking longer than 10s..."
+    kill $claude_pid 2>/dev/null
+    break
+  fi
+
+  sleep 0.5
+done
+
+wait $claude_pid
+end_time=$(date +%s%3N)
+total_time=$((end_time - start_time))
+
+echo "Claude startup completed in ${total_time}ms"
+`;
+
+    return profileScript;
+  }
+}

package/utils/commands/claude.js

@@ -3,6 +3,8 @@ import { resolve, join } from 'path';
 import { spawn, execSync } from 'child_process';
 import { color } from '../colors.js';
 import { createSandbox, createSandboxEnv } from '../sandbox.js';
+import { ClaudeOptimizer } from '../claude-optimizer.js';
+import { SystemOptimizer } from '../system-optimizer.js';
 
 const ALLOWED_TOOLS = [
   'Task', 'Bash', 'Glob', 'Grep', 'Read', 'Edit', 'Write', 'NotebookEdit',
@@ -47,17 +49,37 @@ export async function claudeCommand(projectDir, prompt) {
     const envStartTime = Date.now();
     console.log(color('cyan', '⏱️  Stage 2: Setting up environment...'));
 
-    const env = createSandboxEnv(sandboxDir, {
+    // Apply Claude optimizations
+    const claudeOptimizer = new ClaudeOptimizer(sandboxDir);
+    claudeOptimizer.optimizeSettings();
+    await claudeOptimizer.prewarmPlugins();
+
+    // Apply system optimizations (with sudo access)
+    const systemOptimizer = new SystemOptimizer();
+    const systemOptimizationsApplied = await systemOptimizer.optimizeSystem();
+
+    // Create optimized environment
+    const baseEnv = createSandboxEnv(sandboxDir, {
       CLAUDECODE: '1'
     });
+
+    const env = systemOptimizationsApplied
+      ? { ...baseEnv, ...systemOptimizer.createOptimizedContainerEnv() }
+      : claudeOptimizer.createOptimizedEnv(baseEnv);
+
     const envCreateTime = Date.now() - envStartTime;
     console.log(color('green', `✅ Environment configured in ${envCreateTime}ms`));
 
+    if (systemOptimizationsApplied) {
+      console.log(color('yellow', `🚀 System-level optimizations applied`));
+    }
+
     console.log(color('cyan', `📦 Using host Claude settings with all available tools\n`));
 
     const claudeArgs = [
       '--verbose',
-      '--output-format', 'stream-json'
+      '--output-format', 'stream-json',
+      '--permission-mode', 'bypassPermissions'
     ];
 
     console.log(color('blue', `📝 Running Claude Code with host settings\n`));
@@ -90,7 +112,15 @@ export async function claudeCommand(projectDir, prompt) {
               }
               console.log(color('green', `✅ Session started (${event.session_id.substring(0, 8)}...)`));
               console.log(color('cyan', `📦 Model: ${event.model}`));
-              console.log(color('cyan', `🔧 Tools: ${event.tools.length} available\n`));
+              console.log(color('cyan', `🔧 Tools: ${event.tools.length} available`));
+
+              // List available tools
+              if (event.tools && event.tools.length > 0) {
+                const toolNames = event.tools.map(tool => tool.name || tool).sort();
+                console.log(color('yellow', `   Available: ${toolNames.join(', ')}\n`));
+              } else {
+                console.log('');
+              }
             } else if (event.type === 'assistant' && event.message) {
               const content = event.message.content;
               if (Array.isArray(content)) {

package/utils/sandbox.js

@@ -12,11 +12,16 @@ export function createSandbox(projectDir) {
     `git config --global --add safe.directory "${projectDir}"`,
     `git config --global --add safe.directory "${projectDir}/.git"`,
     // Use shallow clone for faster checkout (depth 1 = current commit only)
-    `git clone --depth 1 --no-tags "${projectDir}" "${workspaceDir}"`,
-    // Configure host repo to accept pushes
-    `git config receive.denyCurrentBranch updateInstead`
+    `git clone --depth 1 --no-tags "${projectDir}" "${workspaceDir}"`
   ];
 
+  // Configure host repo to accept pushes (run in project directory)
+  execSync(`cd "${projectDir}" && git config receive.denyCurrentBranch updateInstead`, {
+    stdio: 'pipe',
+    shell: true,
+    windowsHide: true
+  });
+
   // Execute git commands in parallel where possible
   gitCommands.forEach(cmd => {
     execSync(cmd, {
@@ -133,10 +138,12 @@ export function createSandboxEnv(sandboxDir, options = {}) {
     ...process.env,
   };
 
-  // Keep host HOME directory for Claude credentials access
-  // but add sandbox directories for other XDG paths
-  // env.HOME = process.env.HOME; // Already inherited from process.env
-  env.USERPROFILE = process.env.USERPROFILE || process.env.HOME;
+  // IMPORTANT: Set HOME to sandbox directory for Claude to find settings
+  // but preserve access to host credentials via symlink
+  env.HOME = sandboxDir;
+  env.USERPROFILE = sandboxDir;
+
+  // Set XDG paths to use sandbox Claude directory
   env.XDG_CONFIG_HOME = sandboxClaudeDir;
   env.XDG_DATA_HOME = join(sandboxClaudeDir, '.local', 'share');
   env.XDG_CACHE_HOME = sandboxCacheDir;

package/utils/system-optimizer.js

@@ -0,0 +1,240 @@
+import { execSync } from 'child_process';
+import { existsSync, writeFileSync } from 'fs';
+import { join } from 'path';
+
+export class SystemOptimizer {
+  constructor() {
+    this.hasSudo = this.checkSudoAccess();
+  }
+
+  checkSudoAccess() {
+    try {
+      execSync('sudo -n true', { stdio: 'pipe' });
+      return true;
+    } catch (e) {
+      return false;
+    }
+  }
+
+  // Optimize system for Claude Code performance
+  async optimizeSystem() {
+    console.log('🚀 Applying system-level optimizations...');
+
+    if (!this.hasSudo) {
+      console.log('⚠️  No sudo access, skipping system optimizations');
+      return false;
+    }
+
+    const optimizations = [
+      this.optimizeKernelParameters(),
+      this.optimizeNetworkStack(),
+      this.preloadCommonLibraries(),
+      this.optimizeFilesystem(),
+      this.setupClaudeService()
+    ];
+
+    const results = await Promise.allSettled(optimizations);
+    const successCount = results.filter(r => r.status === 'fulfilled').length;
+
+    console.log(`✅ Applied ${successCount}/${optimizations.length} system optimizations`);
+    return successCount > 0;
+  }
+
+  // Optimize kernel parameters for faster process spawning
+  async optimizeKernelParameters() {
+    if (!this.hasSudo) return false;
+
+    try {
+      const kernelTweaks = [
+        'sysctl -w vm.overcommit_memory=1',           // Allow memory overcommit
+        'sysctl -w kernel.sched_min_granularity_ns=1000000',  // Faster task scheduling
+        'sysctl -w fs.file-max=1048576',             // Increase file descriptor limit
+        'sysctl -w net.core.somaxconn=65535',        // Increase connection backlog
+        'sysctl -w net.ipv4.tcp_fin_timeout=15',     // Faster TCP connection cleanup
+        'sysctl -w net.ipv4.tcp_keepalive_time=600',  // Reduce keepalive timeout
+        'sysctl -w vm.swappiness=10'                 // Reduce swapping
+      ];
+
+      for (const tweak of kernelTweaks) {
+        execSync(`sudo ${tweak}`, { stdio: 'pipe' });
+      }
+
+      console.log('✅ Optimized kernel parameters');
+      return true;
+    } catch (error) {
+      console.log('⚠️  Could not optimize kernel parameters:', error.message);
+      return false;
+    }
+  }
+
+  // Preload Claude and plugin dependencies
+  async preloadCommonLibraries() {
+    if (!this.hasSudo) return false;
+
+    try {
+      // Create a preload script for common Node.js and Claude dependencies
+      const preloadScript = `
+# Preload common libraries for faster Claude startup
+echo "Preloading Claude dependencies..."
+
+# Common Node.js modules
+export NODE_PATH="/usr/lib/node_modules:$NODE_PATH"
+
+# Preload essential binaries
+which npx >/dev/null && npx --version >/dev/null 2>&1 &
+which node >/dev/null && node --version >/dev/null 2>&1 &
+
+# Wait for preloads to complete
+wait
+
+echo "Preloading complete"
+`;
+
+      const preloadPath = '/tmp/claude-preload.sh';
+      writeFileSync(preloadPath, preloadScript);
+      execSync(`chmod +x ${preloadPath}`, { stdio: 'pipe' });
+
+      // Execute preload script with elevated privileges if needed
+      execSync(preloadPath, { stdio: 'pipe' });
+
+      console.log('✅ Preloaded common libraries');
+      return true;
+    } catch (error) {
+      console.log('⚠️  Could not preload libraries:', error.message);
+      return false;
+    }
+  }
+
+  // Optimize filesystem for faster access
+  async optimizeFilesystem() {
+    if (!this.hasSudo) return false;
+
+    try {
+      // Optimize tmpfs for faster temporary operations
+      const tmpfsOptimizations = [
+        'mount -t tmpfs -o size=1G tmpfs /tmp/claude-cache 2>/dev/null || true',
+        'mkdir -p /tmp/claude-cache /tmp/claude-plugins',
+        'chmod 777 /tmp/claude-cache /tmp/claude-plugins'
+      ];
+
+      for (const opt of tmpfsOptimizations) {
+        execSync(`sudo ${opt}`, { stdio: 'pipe' });
+      }
+
+      console.log('✅ Optimized filesystem for Claude');
+      return true;
+    } catch (error) {
+      console.log('⚠️  Could not optimize filesystem:', error.message);
+      return false;
+    }
+  }
+
+  // Setup Claude as a pre-warmed service
+  async setupClaudeService() {
+    if (!this.hasSudo) return false;
+
+    try {
+      const serviceConfig = `[Unit]
+Description=Claude Code Pre-warm Service
+After=network.target
+
+[Service]
+Type=forking
+User=root
+ExecStart=/usr/local/bin/claude-prewarm.sh
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+`;
+
+      const prewarmScript = `#!/bin/bash
+# Claude Code pre-warming service
+echo "Starting Claude pre-warm service..."
+
+# Create necessary directories
+mkdir -p /tmp/claude-cache /tmp/claude-plugins /tmp/claude-sessions
+
+# Pre-warm Node.js runtime
+timeout 10s node --version >/dev/null 2>&1 &
+
+# Pre-warm NPX
+timeout 10s npx --version >/dev/null 2>&1 &
+
+# Pre-warm common plugins if available
+timeout 5s npx -y glootie-cc@anentrypoint-plugins --help >/dev/null 2>&1 &
+
+echo "Claude pre-warm service ready"
+`;
+
+      // Write service file
+      execSync('echo "' + serviceConfig.replace(/"/g, '\\"') + '" | sudo tee /etc/systemd/system/claude-prewarm.service', { stdio: 'pipe' });
+
+      // Write prewarm script
+      execSync('echo "' + prewarmScript.replace(/"/g, '\\"') + '" | sudo tee /usr/local/bin/claude-prewarm.sh', { stdio: 'pipe' });
+      execSync('sudo chmod +x /usr/local/bin/claude-prewarm.sh', { stdio: 'pipe' });
+
+      // Enable and start service
+      execSync('sudo systemctl daemon-reload', { stdio: 'pipe' });
+      execSync('sudo systemctl enable claude-prewarm.service', { stdio: 'pipe' });
+      execSync('sudo systemctl start claude-prewarm.service', { stdio: 'pipe' });
+
+      console.log('✅ Setup Claude pre-warm service');
+      return true;
+    } catch (error) {
+      console.log('⚠️  Could not setup Claude service:', error.message);
+      return false;
+    }
+  }
+
+  // Optimize network stack for faster plugin communication
+  async optimizeNetworkStack() {
+    if (!this.hasSudo) return false;
+
+    try {
+      const networkOptimizations = [
+        'sysctl -w net.core.rmem_max=134217728',      // Increase receive buffer
+        'sysctl -w net.core.wmem_max=134217728',      // Increase send buffer
+        'sysctl -w net.ipv4.tcp_rmem="4096 65536 134217728"',  // TCP receive buffer
+        'sysctl -w net.ipv4.tcp_wmem="4096 65536 134217728"',  // TCP send buffer
+        'sysctl -w net.ipv4.tcp_congestion_control=bbr'  // Use BBR congestion control
+      ];
+
+      for (const opt of networkOptimizations) {
+        execSync(`sudo ${opt}`, { stdio: 'pipe' });
+      }
+
+      console.log('✅ Optimized network stack');
+      return true;
+    } catch (error) {
+      console.log('⚠️  Could not optimize network:', error.message);
+      return false;
+    }
+  }
+
+  // Create optimized container environment
+  createOptimizedContainerEnv() {
+    return {
+      // System optimizations
+      'NODE_OPTIONS': '--max-old-space-size=4096 --no-experimental-fetch',
+      'CLAUDE_OPTIMIZED': '1',
+      'CLAUDE_CACHE_DIR': '/tmp/claude-cache',
+      'CLAUDE_PLUGIN_DIR': '/tmp/claude-plugins',
+
+      // Performance tuning
+      'UV_THREADPOOL_SIZE': '16',
+      'NODEUV_THREADPOOL_SIZE': '16',
+
+      // Fast startup flags
+      'CLAUDE_FAST_INIT': '1',
+      'CLAUDE_SKIP_WELCOME': '1',
+      'CLAUDE_MINIMAL_PLUGINS': '1',
+
+      // Timeout optimizations
+      'MCP_TIMEOUT': '3000',
+      'MCP_CONNECT_TIMEOUT': '2000',
+      'CLAUDE_PLUGIN_TIMEOUT': '5000'
+    };
+  }
+}