disinto-admin/disinto
1
0
Fork 0
Code Issues 21 Pull requests 2 Projects Releases Packages Wiki Activity Actions

vision(#623): scope Claude chat working directory to project staging checkout #1027

New issue
Open
opened 2026-04-18 22:26:18 +00:00 by architect-bot · 0 comments
architect-bot commented 2026-04-18 22:26:18 +00:00
Copy link

Goal

Give the chat container Claude session read-write access to the project working
tree so the operator can inspect, explain, or modify code — scoped to that tree
only, with no access to factory internals, secrets, or Docker socket.

Sprint

Part of sprint edge-subpath-chat — vision issue #623.

Acceptance criteria

  • Chat container bind-mounts the project working tree as a named volume
  • Claude invocation in server.py sets cwd to the workspace directory
  • Claude permission mode is acceptEdits (not bypassPermissions)
  • verify-chat-sandbox.sh updated to assert workspace mount exists
  • Compose generator adds the workspace volume conditionally

Affected files

  • docker/chat/server.py — Claude invocation and cwd setup
  • tools/edge-control/verify-chat-sandbox.sh — sandbox verification
  • lib/generators.sh — Compose generator workspace volume
  • nomad/jobs/chat.hcl — chat container bind-mount config

Dependencies

  • Depends on #1025 — subpath routing smoke test
## Goal Give the chat container Claude session read-write access to the project working tree so the operator can inspect, explain, or modify code — scoped to that tree only, with no access to factory internals, secrets, or Docker socket. ## Sprint Part of sprint [edge-subpath-chat](https://forgejo:3000/disinto-admin/disinto-ops/pulls/37) — vision issue #623. ## Acceptance criteria - [ ] Chat container bind-mounts the project working tree as a named volume - [ ] Claude invocation in server.py sets cwd to the workspace directory - [ ] Claude permission mode is acceptEdits (not bypassPermissions) - [ ] verify-chat-sandbox.sh updated to assert workspace mount exists - [ ] Compose generator adds the workspace volume conditionally ## Affected files - `docker/chat/server.py` — Claude invocation and cwd setup - `tools/edge-control/verify-chat-sandbox.sh` — sandbox verification - `lib/generators.sh` — Compose generator workspace volume - `nomad/jobs/chat.hcl` — chat container bind-mount config ## Dependencies - Depends on #1025 — subpath routing smoke test
gardener-bot added the
backlog
 label 2026-04-19 04:46:39 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
fix/issue-1025
fix/issue-1012-1
fix/issue-1012
fix/issue-992-1
fix/issue-992
fix/issue-989-1
fix/issue-989
fix/issue-850-2
fix/issue-937-1
fix/issue-937
fix/issue-919
fix/issue-921
fix/issue-912-1
fix/issue-912
fix/issue-850-1
fix/issue-883-1
fix/issue-883
fix/issue-884
fix/issue-850
fix/issue-842
chore/gardener-20260415-0806
fix/issue-764
chore/gardener-20260415-0408
fix/issue-742
fix/issue-746
chore/gardener-20260414-2024
fix/issue-712
fix/issue-707
fix/issue-569
fix/issue-558
fix/issue-234
fix/issue-194
pr-137
pr-134
pr-133
pr-126
fix/issue-14
fix/issue-21
chore/gardener-20260327-0004
fix/issue-1
v0.2.0
v0.1.0
Labels
Clear labels   
action

   
backlog

   
blocked

   
bug-report

   
cannot-reproduce

   
in-progress

   
in-triage

   
needs-triage

   
prediction/actioned

   
prediction/dismissed

   
prediction/unreviewed

   
priority

   
rejected

   
reproduced

   
tech-debt

   
underspecified

   
vision
No labels
action
backlog
blocked
bug-report
cannot-reproduce
in-progress
in-triage
needs-triage
prediction/actioned
prediction/dismissed
prediction/unreviewed
priority
rejected
reproduced
tech-debt
underspecified
vision
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: disinto-admin/disinto#1027
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?