feat(sandbox): add Gradle, Maven, and additional language cache support

claude · claude · commit 05cb78f19ad1 · 2026-02-07T02:34:08.000Z
Sandbox lacked access to Gradle, Maven, and other common language caches, causing builds to fail or unnecessarily redownload dependencies.

Authored By: opencode (claude-sonnet-4-5-20250929)
diff --git a/tools/agent-sandbox.sh b/tools/agent-sandbox.sh
@@ -432,7 +432,26 @@ if [[ "${AGENT_SANDBOX_BIND_HOME:-false}" == "true" ]]; then
 fi
 
 # Common language tooling cache directories
-for cache_path in "$HOME/.cache/go-build" "$HOME/.cargo" "$HOME/.cache/pip" "$HOME/.gem" "$HOME/.cache/yarn" "$HOME/.npm" "$HOME/.local/share/pnpm" "$HOME/.bun"; do
+# Only mount if they exist to avoid cluttering logs
+for cache_path in \
+  "$HOME/.cache/go-build" \
+  "$HOME/.cargo" \
+  "$HOME/.cache/pip" \
+  "$HOME/.gem" \
+  "$HOME/.cache/yarn" \
+  "$HOME/.npm" \
+  "$HOME/.local/share/pnpm" \
+  "$HOME/.bun" \
+  "$HOME/.gradle" \
+  "$HOME/.m2" \
+  "$HOME/.composer" \
+  "$HOME/.cache/composer" \
+  "$HOME/.nuget/packages" \
+  "$HOME/.vcpkg" \
+  "$HOME/.pub-cache" \
+  "$HOME/.swiftpm" \
+  "$HOME/.hex" \
+  "$HOME/.mix"; do
   [[ -d "$cache_path" ]] && SANDBOX_MOUNTS_RW+=("$cache_path")
 done
 
diff --git a/tools/macos-sandbox-profile.sb b/tools/macos-sandbox-profile.sb
@@ -153,6 +153,16 @@
   (subpath (param "HOME_NPM"))
   (subpath (param "HOME_SHARE_PNPM"))
   (subpath (param "HOME_BUN"))
+  (subpath (param "HOME_GRADLE"))
+  (subpath (param "HOME_M2"))
+  (subpath (param "HOME_COMPOSER"))
+  (subpath (param "HOME_CACHE_COMPOSER"))
+  (subpath (param "HOME_NUGET"))
+  (subpath (param "HOME_VCPKG"))
+  (subpath (param "HOME_PUB_CACHE"))
+  (subpath (param "HOME_SWIFTPM"))
+  (subpath (param "HOME_HEX"))
+  (subpath (param "HOME_MIX"))
 )
 
 ;; ==============================================================================
diff --git a/tools/macos-sandbox.sh b/tools/macos-sandbox.sh
@@ -72,6 +72,16 @@ SANDBOX_PARAMS+=("-DHOME_CACHE_YARN=$HOME/.cache/yarn")
 SANDBOX_PARAMS+=("-DHOME_NPM=$HOME/.npm")
 SANDBOX_PARAMS+=("-DHOME_SHARE_PNPM=$HOME/.local/share/pnpm")
 SANDBOX_PARAMS+=("-DHOME_BUN=$HOME/.bun")
+SANDBOX_PARAMS+=("-DHOME_GRADLE=$HOME/.gradle")
+SANDBOX_PARAMS+=("-DHOME_M2=$HOME/.m2")
+SANDBOX_PARAMS+=("-DHOME_COMPOSER=$HOME/.composer")
+SANDBOX_PARAMS+=("-DHOME_CACHE_COMPOSER=$HOME/.cache/composer")
+SANDBOX_PARAMS+=("-DHOME_NUGET=$HOME/.nuget/packages")
+SANDBOX_PARAMS+=("-DHOME_VCPKG=$HOME/.vcpkg")
+SANDBOX_PARAMS+=("-DHOME_PUB_CACHE=$HOME/.pub-cache")
+SANDBOX_PARAMS+=("-DHOME_SWIFTPM=$HOME/.swiftpm")
+SANDBOX_PARAMS+=("-DHOME_HEX=$HOME/.hex")
+SANDBOX_PARAMS+=("-DHOME_MIX=$HOME/.mix")
 
 # Handle BWRAP_EXTRA_PATHS by adding write permissions
 if [[ -n "${BWRAP_EXTRA_PATHS:-}" ]]; then
