Skip to content

fix(runner): fix openshell sandbox trust prompts and inference routing compat#217

Merged
jsell-rh merged 1 commit into
mainfrom
fix/openshell-wrapper-sandbox-trust
Jul 1, 2026
Merged

fix(runner): fix openshell sandbox trust prompts and inference routing compat#217
jsell-rh merged 1 commit into
mainfrom
fix/openshell-wrapper-sandbox-trust

Conversation

@bsquizz

@bsquizz bsquizz commented Jul 1, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Move HOME and CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS exports above the guard check in the openshell claude wrapper so they apply on every invocation, not just the first
  • Bootstrap .claude.json with per-project hasTrustDialogAccepted for /sandbox and /sandbox/runner to prevent trust dialog on manual claude runs
  • Shorten dummy ANTHROPIC_API_KEY from unused-for-inference-routing to notused to avoid Claude Code custom API key rejection prompt
  • Add --bare flag to the guard's exec path for consistency
  • Update openshell-gateway skill: mark credential steps as REQUIRED, document that sandboxes must be created through the control plane (not openshell sandbox create)

Test plan

  • Deploy kind cluster with OPENSHELL_USE_GATEWAY=true
  • Create credential and bind to tenant-a per skill Step 3
  • Create session via acpctl create session and verify sandbox provisions with providers:1
  • Connect to sandbox and run claude — should not prompt for trust or API key approval
  • Verify CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1 is set in env on subsequent claude invocations

🤖 Generated with Claude Code

…g compat

Move HOME and CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS exports above the
guard check so they apply on every invocation, not just the first.
Bootstrap .claude.json with per-project hasTrustDialogAccepted for both
/sandbox and /sandbox/runner to prevent trust prompt on manual claude runs.
Shorten the dummy ANTHROPIC_API_KEY to "notused" to avoid Claude Code
custom API key rejection. Add --bare flag to the guard's exec path.

Update openshell-gateway skill to mark credential steps as REQUIRED and
document that sandboxes must be created through the control plane, not
via openshell sandbox create.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@github-actions github-actions Bot added auto-merge-pending PR eligible for auto-merge, waiting for checks component/control-plane component/runner labels Jul 1, 2026

@jsell-rh jsell-rh left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 Amber Review — Approved

All three changes are correct and well-scoped. The root cause analysis in the PR summary is accurate — the HOME/CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS ordering bug was a real issue on subsequent invocations, and the notused sentinel sidesteps the Claude Code key-length rejection cleanly. Skill doc improvements are high value.

Two minor observations (neither blocks merge):

1. Misleading comment in the wrapper script

The new comment above the .claude.json bootstrap block reads:

# The customApiKeyResponses pre-approves the dummy key suffix used for inference routing...

But customApiKeyResponses is not present in the JSON being written. The actual fix for the API key prompt is the "notused" change in kube_reconciler.go. This comment will confuse future readers who search .claude.json for that field and find nothing. Suggest updating it to something like:

# Without this, Claude Code prompts for trust on the first run in each project directory.
# The API key prompt is suppressed separately by using the short sentinel "notused" in
# kube_reconciler.go — Claude Code only warns on keys it recognizes as custom-format.

2. --bare only on the guard's early-return path

--bare is added to the early-return exec (subsequent invocations) but not to the first-run exec at the bottom of the script. If --bare is desired consistently, the first-run path should match. If the first run intentionally needs non-bare output (e.g. for setup feedback), that's fine — worth a comment explaining the asymmetry.

Both are Minor per ACP severity classification. Approving.

Amber

@jsell-rh

jsell-rh commented Jul 1, 2026

Copy link
Copy Markdown
Collaborator

Adding amber/approved label.

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

⚠️ SDD Preflight — Managed Paths Modified

This PR modifies files in SDD-managed component(s). These components are migrating to Spec-Driven Development.

File Component Mode
components/runners/ambient-runner/openshell-claude-wrapper.sh runner warn

No action required — these components are in warn mode. Consider using the component's agent workflow for future changes.

📖 Specs: Runner Spec · Runner Constitution

@jsell-rh jsell-rh enabled auto-merge July 1, 2026 02:08
@jsell-rh jsell-rh added this pull request to the merge queue Jul 1, 2026
Merged via the queue into main with commit cb8f9e0 Jul 1, 2026
52 of 57 checks passed
@jsell-rh jsell-rh deleted the fix/openshell-wrapper-sandbox-trust branch July 1, 2026 02:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants