claudebox/package.nix at main · numtide/claudebox · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
{
  pkgs,
  # Make claude-code overridable
  claude-code,
  # Keep this so package.nix can be copied into llm-agents.nix
  sourceDir ? ./src,
}:
let
  inherit (pkgs.stdenv) isLinux isDarwin;

  # Bundle all the tools Claude needs into a single environment
  claudeTools = pkgs.buildEnv {
    name = "claude-tools";
    paths = with pkgs; [
      # Essential tools Claude commonly uses
      git
      ripgrep
      fd
      coreutils
      gnugrep
      gnused
      gawk
      findutils
      which
      tree
      curl
      wget
      jq
      less
      # Shells
      zsh
      # Nix is essential for nix run
      nix
    ];
  };

  # Platform-specific sandbox tools
  sandboxTools = if isLinux then [ pkgs.bubblewrap ] else [ ];

  # Seatbelt profile for macOS (only installed on darwin)
  seatbeltProfile = "${sourceDir}/seatbelt.sbpl";

in
pkgs.runCommand "claudebox"
  {
    buildInputs = [ pkgs.makeWrapper ];
    meta = with pkgs.lib; {
      mainProgram = "claudebox";
      description = "Sandboxed environment for Claude Code";
      homepage = "https://github.com/numtide/claudebox";
      sourceProvenance = with sourceTypes; [ fromSource ];
      platforms = platforms.linux ++ platforms.darwin;
    };
  }
  ''
    mkdir -p $out/bin $out/share/claudebox $out/libexec/claudebox

    # Install claudebox launcher script
    cp ${sourceDir}/claudebox.js $out/libexec/claudebox/claudebox.js

    # Install seatbelt profile for macOS
    cp ${seatbeltProfile} $out/share/claudebox/seatbelt.sbpl

    # Create claudebox executable with platform-specific configuration
    makeWrapper ${pkgs.nodejs}/bin/node $out/bin/claudebox \
      --add-flags $out/libexec/claudebox/claudebox.js \
      --prefix PATH : ${
        pkgs.lib.makeBinPath (
          [
            pkgs.bashInteractive
            claudeTools
          ]
          ++ sandboxTools
        )
      } \
      ${if isDarwin then "--set CLAUDEBOX_SEATBELT_PROFILE $out/share/claudebox/seatbelt.sbpl" else ""}

    # Create claude wrapper
    makeWrapper ${claude-code}/bin/.claude-wrapped $out/libexec/claudebox/claude \
      --set DISABLE_AUTOUPDATER 1 \
      --inherit-argv0
  ''