)]}'
{
  "commit": "15be87f9fda3668acad98165614ac5df0cb585b7",
  "tree": "ba8429dcb6410335e6c032c8c518980cbb74ede9",
  "parents": [
    "675702395749ef3ba52fb5c0b897726b27adbe83"
  ],
  "author": {
    "name": "Jarek Potiuk",
    "email": "jarek@potiuk.com",
    "time": "Thu Apr 30 11:57:47 2026 +0200"
  },
  "committer": {
    "name": "GitHub",
    "email": "noreply@github.com",
    "time": "Thu Apr 30 11:57:47 2026 +0200"
  },
  "message": "docs(secure-agent-setup): sandbox-bypass warning hook + private-repo sync pattern (#17)\n\n* docs(secure-agent-setup): sandbox-bypass warning hook + private-repo sync pattern\n\nTwo new sections in `secure-agent-setup.md`:\n\n- \"Sandbox-bypass visibility hook\" — install + wiring for a\n  PreToolUse hook that prints a bold-red banner whenever the\n  model invokes Bash with `dangerouslyDisableSandbox: true`.\n  Recommended user-scope (`~/.claude/settings.json`) so it fires\n  in every session on the host, not just tracker sessions.\n  Includes a Verify snippet and Trade-offs notes (visibility-not-\n  block; grep-based JSON match for schema robustness).\n\n- \"Syncing user-scope config across machines\" — the dotfile-style\n  pattern for keeping `CLAUDE.md`, hook scripts, and an optional\n  global `claude-iso.sh` in lockstep across hosts via a private\n  git repo. What-to-track table, repo layout, fresh-host setup,\n  a minimal \\`sync.sh\\`, and a \"Why a private repo\" rationale.\n\nAlso adds two recommended/optional steps to \"Adopter setup\"\nlinking to the new sections.\n\nShips the hook script as \\`tools/agent-isolation/sandbox-bypass-warn.sh\\`\nwith the same ASF license header as the sibling \\`claude-iso.sh\\`,\nand adds it to the directory\u0027s README files table.\n\nThe doctoc-managed TOC at the top of \\`secure-agent-setup.md\\` is\nNOT updated by this commit — re-run doctoc before merging.\n\nGenerated-by: Claude Code (Claude Opus 4.7)\n\n* docs(secure-agent-setup): regenerate doctoc TOC for new sections\n\nThe previous commit (35bf73d) flagged that the doctoc-managed TOC\nat the top of `secure-agent-setup.md` was not updated when the two\nnew sections — \"Sandbox-bypass visibility hook\" and \"Syncing\nuser-scope config across machines\" — were added. This commit\nregenerates the TOC to include those sections plus their H3\nsubsections (maxlevel\u003d3, matching `.pre-commit-config.yaml`).\n\ndoctoc itself was not run to produce this — it is not installed in\nthe local environment and the sandbox blocks the npm/uv network\naccess needed to fetch it. The anchors were instead derived by\nhand following the same encoding rules already visible in the\nexisting TOC entries in this file:\n\n- spaces → `-`\n- in-word hyphens preserved (e.g. `user-scope`)\n- parentheses, asterisks, periods, backticks dropped without a separator\n- em-dash / slash with surrounding spaces → `--`\n\nA future doctoc run (e.g. via the pre-commit hook in CI) should\nproduce a no-op diff against this TOC.\n\nGenerated-by: Claude Code (Claude Opus 4.7)\n\n* docs(secure-agent-setup): sandbox-state status line for the terminal footer\n\nAdds a `statusLine` helper that makes the active sandbox state of\nthe current Claude Code session visible at all times — green\n`[sandbox]` when `sandbox.enabled: true` is set in the resolved\n`settings.json`, bold-red `[NO SANDBOX]` otherwise. The indicator\nsits in the terminal footer that Claude Code already renders, so\nno extra UI surface is added; it just makes the existing footer\ninformative about the *one* configuration property the rest of\nthis document is about.\n\nWhy it is needed even with the existing sandbox-bypass-warn hook:\nthe `PreToolUse` hook fires per-call when the model requests a\nbypass, but a session whose `sandbox.enabled` was simply never set\n(e.g. an unrelated project\u0027s `.claude/settings.json` is missing,\nthe user is in `~`, settings drift after a Claude Code upgrade)\nemits no signal until something goes wrong. The status line covers\nthat gap by surfacing settings-level state continuously.\n\nThree changes:\n\n- `tools/agent-isolation/sandbox-status-line.sh` — the helper.\n  Reads the statusLine JSON on stdin, resolves\n  `.sandbox.enabled` from project- then user-scope `settings.json`\n  via `jq`, prints `\u003cmodel\u003e [sandbox]` (green) or\n  `\u003cmodel\u003e [NO SANDBOX]` (bold red). ASF license header matching\n  the sibling scripts; executable bit set.\n- `secure-agent-setup.md` — new H2 \"Sandbox-state status line\"\n  between the bypass-warn hook section and the sync-config section\n  (sibling user-scope observability features). Adopter step 5 now\n  recommends both, the sync-config layout, \"what to track\" table\n  and fresh-host setup snippet pick up the new script. TOC entry\n  added by hand following the same encoding rule as the previous\n  TOC regen — anchor `#sandbox-state-status-line`.\n- `tools/agent-isolation/README.md` — Files table picks up the\n  new script.\n\nTrade-offs are documented in-line: the indicator is settings-level\ntruth, not session-level truth (CLI flags like\n`--bypass-permissions` and runtime mode changes that override the\nfile are not visible), and pairing with the per-call bypass-warn\nhook is the recommended belt-and-braces posture. A future Claude\nCode statusLine schema that exposes sandbox state directly would\nlet the helper drop the file-read.\n\nGenerated-by: Claude Code (Claude Opus 4.7)",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "a90557d52f5318795da7e2498a6d67b95bd21e76",
      "old_mode": 33188,
      "old_path": "secure-agent-setup.md",
      "new_id": "0e3e6eb3c4e6067608ce2baf8e0abd3fbef0e9b5",
      "new_mode": 33188,
      "new_path": "secure-agent-setup.md"
    },
    {
      "type": "modify",
      "old_id": "ba6711d17de423d1936ff389104f561746ce18b0",
      "old_mode": 33188,
      "old_path": "tools/agent-isolation/README.md",
      "new_id": "34b7f10e96b4ad1e71dbcf280652921e51bd5cfa",
      "new_mode": 33188,
      "new_path": "tools/agent-isolation/README.md"
    },
    {
      "type": "add",
      "old_id": "0000000000000000000000000000000000000000",
      "old_mode": 0,
      "old_path": "/dev/null",
      "new_id": "1cc54bac125f4faad116c5f2b905171aff2121e9",
      "new_mode": 33261,
      "new_path": "tools/agent-isolation/sandbox-bypass-warn.sh"
    },
    {
      "type": "add",
      "old_id": "0000000000000000000000000000000000000000",
      "old_mode": 0,
      "old_path": "/dev/null",
      "new_id": "e3bc5146ff4eebe3a6722e401aec099f7e53feb2",
      "new_mode": 33261,
      "new_path": "tools/agent-isolation/sandbox-status-line.sh"
    }
  ]
}