potiuk opened a new pull request, #249: URL: https://github.com/apache/airflow-steward/pull/249
## Summary

- Add the current working-tree root (resolved via `git rev-parse --show-toplevel`) to `sandbox.filesystem.allowRead` on every `claude-iso` launch, closing the wrapper-launch visibility gap that previously required hand-listing the repo path in `<repo>/.claude/settings.local.json`.
- Preserve the existing `-w`/`--worktree` behavior as an additive layer: when present and `$PWD` is a worktree, also add the main repo (resolved via `git rev-parse --git-common-dir`). When run in the main repo, the two paths dedupe to one entry. Both ride into the session via a single `--settings` injection.
- Outside a git repo, no injection (silent no-op). The stderr banner now reports the full list of paths added rather than the worktree-specific phrasing.
- Document both behaviors in `docs/setup/secure-agent-setup.md` (new "Automatic sandbox allow-paths" subsection), since #157 landed `-w` without a docs cross-ref.

## Test plan

- [x] `bash -n` and `zsh -n` syntax-check pass on the modified script
- [x] Main repo, no `-w` → only the toplevel is injected
- [x] Worktree, no `-w` → only the worktree dir is injected
- [x] Worktree, with `-w` → worktree dir + main repo (two distinct paths)
- [x] Main repo, with `-w` → single entry (toplevel == main repo, deduped)
- [x] Outside any git repo → no `--settings` injection
- [ ] Manual: in a fresh non-allowlisted repo, `claude-iso` lets the agent `Read` files under the project root (the §"Project-root coverage in the sandbox allowlists" reproducer)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
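The path resolution and dedupe rules described in the summary above, as an added example that is not the `claude-iso` wrapper's code from this pull request. The function names are hypothetical, and the nested JSON shape is an assumption derived from the dotted key `sandbox.filesystem.allowRead`.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, not the claude-iso wrapper's own.

# Print the directories to allow, one per line. Prints nothing outside a git repo.
# $1 = 1 to also add the main repo (the -w/--worktree layer).
resolve_allow_paths() {
  local with_main="${1:-0}" top common main
  top="$(git rev-parse --show-toplevel 2>/dev/null)" || return 0
  top="$(cd "$top" && pwd -P)" || return 0   # canonical form, so dedupe is exact
  printf '%s\n' "$top"
  [ "$with_main" = 1 ] || return 0
  # --git-common-dir can be relative (".git") in the main repo: resolve via cd.
  common="$(git rev-parse --git-common-dir 2>/dev/null)" || return 0
  main="$(cd "$common" && cd .. && pwd -P)" || return 0
  # In the main repo both paths are identical, so emit a single entry.
  [ "$main" = "$top" ] || printf '%s\n' "$main"
}

# Read paths on stdin and print the settings JSON; print nothing for no paths.
# Assumed shape: the dotted key sandbox.filesystem.allowRead as nested objects.
build_settings_json() {
  local p esc items=""
  while IFS= read -r p; do
    [ -n "$p" ] || continue
    # Escape backslashes and double quotes so an odd path cannot break the JSON.
    esc="$(printf '%s' "$p" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')"
    items="${items:+$items,}\"$esc\""
  done
  [ -n "$items" ] || return 0
  printf '{"sandbox":{"filesystem":{"allowRead":[%s]}}}\n' "$items"
}

# Print the JSON to inject for the current directory; list the paths on stderr.
allow_read_settings() {
  local paths
  paths="$(resolve_allow_paths "${1:-0}")"
  [ -n "$paths" ] || return 0                # outside a git repo: silent no-op
  printf '%s\n' "$paths" | sed 's/^/allowRead += /' >&2
  printf '%s\n' "$paths" | build_settings_json
}
```

Canonicalising both paths with `pwd -P` before comparing them keeps a symlinked checkout from producing two entries for the same directory.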
