- Move git_token and Bedrock credentials to OS keychain instead of
storing in plaintext projects.json via skip_serializing + keyring
- Fix project status stuck in Starting on container creation failure
by resetting to Stopped on any error path
- Add granular store methods to reduce TOCTOU race window
- Add auth_mode, project path, and bedrock config change detection
to container_needs_recreation with label-based fingerprinting
- Fix mutex held across async Docker API call in exec resize by
cloning exec_id under lock then releasing before API call
- Add graceful shutdown via on_window_event to clean up exec sessions
- Extract compute_env_fingerprint and merge_claude_instructions helpers
to eliminate code duplication in container.rs
- Remove unused thiserror dependency
- Return error instead of falling back to CWD when data dir unavailable
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
close_all_sessions() was called when stopping/removing/rebuilding a
project, which shut down exec sessions for every project. Track
container_id per session and use close_sessions_for_container() to
only close sessions belonging to the target project.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Entrypoint now runs as root to remap the container's claude user
UID/GID to match the host user, fixing bind mount permission errors
on WSL
- SSH keys are mounted read-only to a staging path (/tmp/.host-ssh)
and copied to ~/.ssh with correct permissions by the entrypoint
- Exec sessions explicitly run as the claude user
- Host UID/GID detected automatically and passed as env vars
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Tauri v2 desktop app (React/TypeScript + Rust) for managing
containerized Claude Code environments. Includes Gitea Actions
workflow for building and pushing the sandbox container image,
and a BUILDING.md guide for manual app builds on Linux and Windows.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
