Upgrade claude-sandbox

git pull --ff-only && bash install

The installer is idempotent; the shadow is re-established without re-downloading Claude.

Why upgrades are deliberate

Claude Code’s in-container auto-updater is disabled (env.DISABLE_AUTOUPDATER=1 + autoUpdates:false). The updater otherwise re-creates ~/.local/bin/claude on a version bump, which — depending on your PATH order — can launch the real binary unwrapped, with no bwrap and no git steering. This is self-entrenching and silent.

With the updater off, updates happen only when you re-run the installer. Re-running bash install:

• re-relocates the current Claude binary to /usr/libexec/claude-sandbox/claude (off the user’s PATH), and

• re-asserts the shadow at /usr/local/bin/claude.

For why this root-cause removal matters and how the global guard fails loud if an unwrapped binary ever appears anyway, see the integrity guard explanation.