Quick reference for sandbox features. Test and verify security measures in your Omnidev deployment.
Git is blocked for Claude Code, everything else is accessible.
What is blocked and what is not:

- Blocked for Claude Code: git commands
- Allowed for Claude Code: rm, curl, wget, npm, and all other tools
- Reserved for the app: /opt/internal/bin/git (the real git binary)

In Claude Code's context:
```sh
git --version
# Output: [BLOCKED] git access denied

curl --version
# Output: curl 7.x.x (works normally)

rm file.txt
# Works normally
```
In your Next.js app:

```ts
import { createSandboxedGit } from '@/lib/git/sandbox';

const git = createSandboxedGit('/app/workspaces/repo');
await git.clone('https://...', '/app/workspaces/repo');
```

Works perfectly: it uses /opt/internal/bin/git.
| What | Where | Who Can Access |
|---|---|---|
| Real git binary | /opt/internal/bin/git | App only |
| Git wrapper (blocker) | /usr/bin/git | Everyone (returns error) |
| Claude Code wrapper | /usr/local/bin/claude-code-wrapper | App (to run Claude) |
| Standard tools | /usr/bin/*, /bin/* | Everyone |
The execution module automatically uses the wrapper (defaults defined in code):

```ts
const result = await askClaudeCode('Analyze this code', {
  workingDirectory: '/app/workspaces/my-repo',
  workspaceId: '123',
});
```
Sandboxed execution:

```sh
/usr/local/bin/claude-code-wrapper /app/workspaces/repo -p "hello"
```

What happens:

1. Claude Code is started in /app/workspaces/repo.
2. /opt/internal/bin is removed from PATH, so the only `git` Claude Code can resolve is the blocking script at /usr/bin/git.
3. `claude-code -p "hello"` is run.

The sandbox is automatically verified in the GitLab CI/CD pipeline (stage: docker-test, job: docker-sandbox-verify). View results in your GitLab pipeline → docker-test stage → docker-sandbox-verify job.
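The PATH handling described above, as an added POSIX shell example. This is not the project's own claude-code-wrapper (its source is not on this page); it assumes the wrapper's job is to drop /opt/internal/bin from PATH and then start claude-code inside the workspace directory. The function names strip_path_entry and run_claude_sandboxed are mine.

```sh
#!/bin/sh
# Added illustration of a sandboxing wrapper; not the project's claude-code-wrapper.

# Remove one directory from a colon-separated PATH-like string.
# Runs in a subshell so changing IFS does not leak to the caller;
# set -f disables globbing in case a PATH entry contains '*'.
# Usage: strip_path_entry <dir> <path-string>
strip_path_entry() (
  dir=$1
  IFS=:
  set -f
  result=
  for p in $2; do
    # Drop exact matches only; /opt/internal/bin2 would be kept.
    [ "$p" = "$dir" ] && continue
    result="${result:+$result:}$p"
  done
  printf '%s\n' "$result"
)

# Start Claude Code in <workdir> with the private git directory hidden from PATH.
# Usage: run_claude_sandboxed <workdir> [claude-code args...]
run_claude_sandboxed() {
  workdir=$1
  shift
  PATH=$(strip_path_entry /opt/internal/bin "$PATH")
  export PATH
  cd "$workdir" || return 1
  # 'git' now resolves to /usr/bin/git, the blocking script.
  exec claude-code "$@"
}

# Act as the wrapper entrypoint only when installed under that name.
if [ "${0##*/}" = "claude-code-wrapper" ]; then
  run_claude_sandboxed "$@"
fi
```

Removing a directory from PATH only hides the binary; it does not stop a process from calling /opt/internal/bin/git by its absolute path. The "App only" access listed in the table above therefore has to come from file permissions on the binary, and that is worth confirming separately from the PATH check.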
Test git blocking:

```sh
docker exec workflow-app git --version
# Expected: [BLOCKED] git access denied
```

Test internal git:

```sh
docker exec workflow-app /opt/internal/bin/git --version
# Expected: git version 2.x.x
```

Test standard tools (should work):

```sh
docker exec workflow-app curl --version
# Expected: curl 7.x.x
```

Run comprehensive sandbox tests:

```sh
docker exec workflow-app /app/scripts/verify-sandbox.sh
```
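The three manual checks above, folded into one POSIX shell script as an added example. It is not the project's /app/scripts/verify-sandbox.sh (whose contents are not shown here) and the function names are mine; it assumes the blocking script's output contains the marker [BLOCKED] and that the real binary prints a line beginning with "git version", as the expected outputs above show.

```sh
#!/bin/sh
# Added example of sandbox verification; not the project's verify-sandbox.sh.

# Classify the output of a git invocation:
#   blocked  - the blocking script answered ([BLOCKED] marker present)
#   real     - a genuine git version banner
#   unknown  - anything else (e.g. command not found, or a different tool)
classify_git_output() {
  case "$1" in
    *"[BLOCKED]"*)   echo blocked ;;
    "git version "*) echo real ;;
    *)               echo unknown ;;
  esac
}

# Run a command, capture stdout+stderr, and compare its classification
# with what the sandbox layout requires. Returns 0 on match, 1 otherwise.
# Usage: probe <expected-class> <command> [args...]
probe() {
  expected=$1
  shift
  out=$("$@" 2>&1 || true)
  got=$(classify_git_output "$out")
  if [ "$got" = "$expected" ]; then
    echo "PASS: $* -> $got"
    return 0
  fi
  echo "FAIL: $* -> $got (expected $expected): $out"
  return 1
}

# Full check, meant to be run inside the container. Returns non-zero if any
# invariant fails, so CI can use the exit status directly.
verify_sandbox() {
  rc=0
  # 1. 'git' on PATH must resolve to the blocking script.
  probe blocked git --version || rc=1
  # 2. The blocking script itself must be at /usr/bin/git.
  probe blocked /usr/bin/git --version || rc=1
  # 3. The private binary must be a real git.
  probe real /opt/internal/bin/git --version || rc=1
  # 4. Ordinary tools must keep working (exit status 0 is enough here).
  if curl --version >/dev/null 2>&1; then
    echo "PASS: curl works"
  else
    echo "FAIL: curl is not usable"
    rc=1
  fi
  return $rc
}
```

Invoke verify_sandbox from the container (for example via `docker exec workflow-app sh -c '. ./check.sh && verify_sandbox'` after copying the file in) and let CI fail on a non-zero exit status; the exact-match classification keeps a partially broken setup, such as a missing /usr/bin/git, from passing as "blocked".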
Claude Code can do this:

```sh
curl -O https://example.com/file.zip
wget https://cdn.example.com/library.tar.gz
npm install
pip install -r requirements.txt
```

✅ All work normally

Claude Code tries:

```sh
git add .
git commit -m "changes"
```

❌ Blocked - returns error message

Your app does:

```ts
const git = createSandboxedGit(workspacePath);
await git.add('.');
await git.commit('Changes from Claude Code analysis');
await git.push();
```

✅ Works perfectly - app has full git access
Solution: Check that simple-git is using the internal binary:

```ts
import { verifyGitBinary } from '@/lib/git/sandbox';

const isOk = await verifyGitBinary();
console.log('Git accessible:', isOk);
```

Solution: Verify git is blocked:

```sh
docker exec workflow-app git --version
# Should output: [BLOCKED] git access denied
```

Solution: This is NOT expected. Verify curl/wget are not blocked:

```sh
docker exec workflow-app curl --version
# Should work normally, NOT be blocked
```
```
┌────────────────────────────────────────────┐
│ Docker Container                           │
│                                            │
│ /usr/bin/git ────────┐                     │
│ (blocking script)    │                     │
│                      ▼                     │
│                  [BLOCKED]                 │
│                      ▲                     │
│                      │                     │
│ Claude Code ─────────┘                     │
│ (tries git)                                │
│                                            │
│ /opt/internal/bin/git ────┐                │
│ (real binary)             │                │
│                           ▼                │
│                        Your App            │
│                        (uses git ✓)        │
│                                            │
└────────────────────────────────────────────┘
```
Checklist:

- /usr/bin/git is a blocking script
- /opt/internal/bin/git exists and works
- /usr/local/bin/claude-code-wrapper is what the app uses to run Claude Code
- The app uses createSandboxedGit() for all git ops

Build with sandbox:
```sh
docker-compose build
```

Run with sandbox enabled:

```sh
docker-compose up -d
```

Verify sandbox:

```sh
docker exec workflow-app /app/scripts/verify-sandbox.sh
```

Check git blocking:

```sh
docker exec workflow-app git --version
```

Check internal git:

```sh
docker exec workflow-app /opt/internal/bin/git --version
```

View logs:

```sh
docker logs workflow-app | grep CLAUDE
```

Shell into container:

```sh
docker exec -it workflow-app bash
```
Quick commands:

```sh
docker exec workflow-app /app/scripts/verify-sandbox.sh
docker logs workflow-app | grep -i "sandbox\|git\|claude"
docker exec -it workflow-app bash
```

Last Updated: 2025-11-25