3. Live in a standalone repo, extracted from python-copier-template

Date: 2026-05-10

Status

Accepted

Context

The sandbox originally lived embedded in python-copier-template as .devcontainer/claude-sandbox.sh — a single bash script using unshare -m plus tmpfs overlays. Carrying a security tool as a templated copy means one drifting copy in every generated project and no canonical thing to audit or verify.

Decision

Extract the sandbox into this standalone repository. A security tool needs one canonical, audit-friendly home with its own CI, a versioned release surface, and /verify-sandbox as a first-class command. The template should consume this repo, not embed it.

Consequences

• python-copier-template’s .devcontainer/claude-sandbox.sh remains as prior art but is not maintained.

• We refuse, without fresh justification, a template/ directory or copier.yml here, and “let’s keep a copy synced into python-copier-template.”

• The underlying principle — the sandbox’s surface must stay small enough to audit in one read — recurs as the driver behind 8. Bash-only: no Python package, uv, or pytest. The bwrap-based defences (see 4. Isolate with bwrap: drop all capabilities, scrub the environment, invert /root to default-deny) also replace the older unshare -m approach, which would have been awkward inside a per-project template.