fix(runner): fix openshell sandbox trust prompts and inference routing compat#217
Conversation
…g compat Move HOME and CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS exports above the guard check so they apply on every invocation, not just the first. Bootstrap .claude.json with per-project hasTrustDialogAccepted for both /sandbox and /sandbox/runner to prevent trust prompt on manual claude runs. Shorten the dummy ANTHROPIC_API_KEY to "notused" to avoid Claude Code custom API key rejection. Add --bare flag to the guard's exec path. Update openshell-gateway skill to mark credential steps as REQUIRED and document that sandboxes must be created through the control plane, not via openshell sandbox create. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
jsell-rh
left a comment
There was a problem hiding this comment.
🤖 Amber Review — Approved
All three changes are correct and well-scoped. The root cause analysis in the PR summary is accurate — the HOME/CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS ordering bug was a real issue on subsequent invocations, and the notused sentinel sidesteps the Claude Code key-length rejection cleanly. Skill doc improvements are high value.
Two minor observations (neither blocks merge):
1. Misleading comment in the wrapper script
The new comment above the .claude.json bootstrap block reads:
# The customApiKeyResponses pre-approves the dummy key suffix used for inference routing...
But customApiKeyResponses is not present in the JSON being written. The actual fix for the API key prompt is the "notused" change in kube_reconciler.go. This comment will confuse future readers who search .claude.json for that field and find nothing. Suggest updating it to something like:
# Without this, Claude Code prompts for trust on the first run in each project directory.
# The API key prompt is suppressed separately by using the short sentinel "notused" in
# kube_reconciler.go — Claude Code only warns on keys it recognizes as custom-format.2. --bare only on the guard's early-return path
--bare is added to the early-return exec (subsequent invocations) but not to the first-run exec at the bottom of the script. If --bare is desired consistently, the first-run path should match. If the first run intentionally needs non-bare output (e.g. for setup feedback), that's fine — worth a comment explaining the asymmetry.
Both are Minor per ACP severity classification. Approving.
— Amber
|
Adding |
|
| File | Component | Mode |
|---|---|---|
components/runners/ambient-runner/openshell-claude-wrapper.sh |
runner | warn |
No action required — these components are in warn mode. Consider using the component's agent workflow for future changes.
📖 Specs: Runner Spec · Runner Constitution
Summary
HOMEandCLAUDE_CODE_DISABLE_EXPERIMENTAL_BETASexports above the guard check in the openshell claude wrapper so they apply on every invocation, not just the first.claude.jsonwith per-projecthasTrustDialogAcceptedfor/sandboxand/sandbox/runnerto prevent trust dialog on manualclauderunsANTHROPIC_API_KEYfromunused-for-inference-routingtonotusedto avoid Claude Code custom API key rejection prompt--bareflag to the guard's exec path for consistencyopenshell sandbox create)Test plan
OPENSHELL_USE_GATEWAY=trueacpctl create sessionand verify sandbox provisions withproviders:1claude— should not prompt for trust or API key approvalCLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1is set in env on subsequentclaudeinvocations🤖 Generated with Claude Code