forked from FlorianBruniaux/claude-code-ultimate-guide
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsandbox-validation.sh
More file actions
123 lines (109 loc) · 3.44 KB
/
sandbox-validation.sh
File metadata and controls
123 lines (109 loc) · 3.44 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
#!/bin/bash
#
# Sandbox Validation Hook (PreToolUse)
#
# Purpose: Verify native sandbox is active before executing bash commands in production/untrusted environments
# Event: PreToolUse
# Blocking: Yes (exit 2 blocks command execution)
#
# Installation:
# 1. Copy to .claude/hooks/PreToolUse_sandbox-validation.sh
# 2. chmod +x .claude/hooks/PreToolUse_sandbox-validation.sh
# 3. Configure in settings.json:
# {
# "hooks": {
# "PreToolUse": [
# {
# "command": "bash",
# "script": ".claude/hooks/PreToolUse_sandbox-validation.sh"
# }
# ]
# }
# }
#
# Environment Variables (passed by Claude Code):
# CLAUDE_TOOL_NAME: Name of the tool being used (e.g., "Bash")
# CLAUDE_TOOL_PARAMS: JSON string of tool parameters
#
# Exit Codes:
# 0 = Allow (sandbox active or check disabled)
# 2 = Block (sandbox not active in strict mode)
set -euo pipefail
# Configuration
STRICT_MODE="${SANDBOX_VALIDATION_STRICT:-false}" # Set to "true" to require sandbox in production
PRODUCTION_MARKER="${SANDBOX_VALIDATION_MARKER:-.production}" # File marker for production environments
# Only validate Bash tool
if [ "${CLAUDE_TOOL_NAME:-}" != "Bash" ]; then
exit 0
fi
# Check if production environment
is_production() {
[ -f "$PRODUCTION_MARKER" ] || [ "${ENVIRONMENT:-}" = "production" ]
}
# Check if sandbox is active
is_sandbox_active() {
# Parse tool parameters to check for dangerouslyDisableSandbox
if echo "${CLAUDE_TOOL_PARAMS:-}" | jq -e '.dangerouslyDisableSandbox == true' >/dev/null 2>&1; then
return 1 # Sandbox explicitly disabled
fi
# Platform-specific checks
case "$OSTYPE" in
darwin*)
# macOS: Check if Seatbelt is available
if command -v sandbox-exec >/dev/null 2>&1; then
return 0
fi
;;
linux*)
# Linux: Check if bubblewrap is available
if command -v bubblewrap >/dev/null 2>&1; then
return 0
fi
;;
esac
return 1 # Sandbox not available
}
# Main validation logic
main() {
# Skip validation if not in strict mode and not production
if [ "$STRICT_MODE" != "true" ] && ! is_production; then
exit 0
fi
# Check sandbox status
if ! is_sandbox_active; then
echo "❌ SANDBOX VALIDATION FAILED" >&2
echo "" >&2
echo "Reason: Native sandbox not active for bash command" >&2
echo "" >&2
# Platform-specific guidance
case "$OSTYPE" in
darwin*)
echo "macOS: Seatbelt should be built-in. Check Claude Code installation." >&2
;;
linux*)
echo "Linux: Install bubblewrap and socat:" >&2
echo " sudo apt-get install bubblewrap socat # Ubuntu/Debian" >&2
echo " sudo dnf install bubblewrap socat # Fedora" >&2
;;
*)
echo "Platform: $OSTYPE (sandbox may not be supported)" >&2
;;
esac
echo "" >&2
echo "Options:" >&2
echo " 1. Enable sandbox: /sandbox command in Claude Code" >&2
echo " 2. Disable validation: Set SANDBOX_VALIDATION_STRICT=false" >&2
echo " 3. Remove production marker: rm $PRODUCTION_MARKER" >&2
echo "" >&2
if [ "$STRICT_MODE" = "true" ]; then
echo "⛔ Command BLOCKED (strict mode enabled)" >&2
exit 2 # Block command execution
else
echo "⚠️ Command ALLOWED (production environment detected but strict mode disabled)" >&2
exit 0 # Allow with warning
fi
fi
# Sandbox active - allow command
exit 0
}
main