Diffstat (limited to 'makima/src/daemon/config.rs')
-rw-r--r--makima/src/daemon/config.rs43
1 files changed, 43 insertions, 0 deletions
diff --git a/makima/src/daemon/config.rs b/makima/src/daemon/config.rs
index 866ee70..512b822 100644
--- a/makima/src/daemon/config.rs
+++ b/makima/src/daemon/config.rs
@@ -5,6 +5,38 @@ use serde::Deserialize;
use std::collections::HashMap;
use std::path::PathBuf;
+/// Bubblewrap sandbox configuration for Claude processes.
+#[derive(Debug, Clone, Deserialize, Default)]
+pub struct BubblewrapConfig {
+ /// Enable bubblewrap sandboxing.
+ #[serde(default)]
+ pub enabled: bool,
+
+ /// Path to bwrap binary (default: 'bwrap').
+ #[serde(default = "default_bwrap_command")]
+ pub bwrap_command: String,
+
+ /// Allow network access inside sandbox (default: true).
+ #[serde(default = "default_true")]
+ pub network: bool,
+
+ /// Additional paths to bind read-only.
+ #[serde(default)]
+ pub ro_bind: Vec<PathBuf>,
+
+ /// Additional paths to bind read-write.
+ #[serde(default)]
+ pub rw_bind: Vec<PathBuf>,
+}
+
+fn default_bwrap_command() -> String {
+ "bwrap".to_string()
+}
+
+fn default_true() -> bool {
+ true
+}
+
/// Root daemon configuration.
#[derive(Debug, Clone, Deserialize)]
pub struct DaemonConfig {
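Review bot: `#[derive(Default)]` on `BubblewrapConfig` disagrees with the serde field defaults: the derived impl yields an empty `bwrap_command` and `network: false`, while the doc comments promise `'bwrap'` and `true`. The derived value is what `#[serde(default)]` on `ProcessConfig::bubblewrap` falls back to when the section is absent from the config file, and it is also what the two `BubblewrapConfig::default()` call sites in the later hunks produce. As a result, `--bubblewrap` with no config section would turn the sandbox on with an empty launcher path and networking silently disabled. Dropping `Default` from the derive and writing the impl by hand over the same helper functions keeps the two paths in agreement.

```rust
#[derive(Debug, Clone, Deserialize)]
pub struct BubblewrapConfig {
    // … unchanged: fields and their serde attributes …
}

impl Default for BubblewrapConfig {
    fn default() -> Self {
        Self {
            enabled: false,
            bwrap_command: default_bwrap_command(),
            network: default_true(),
            ro_bind: Vec::new(),
            rw_bind: Vec::new(),
        }
    }
}
```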
@@ -177,6 +209,10 @@ pub struct ProcessConfig {
/// Additional environment variables to pass to Claude Code.
#[serde(default, alias = "envvars")]
pub env_vars: HashMap<String, String>,
+
+ /// Bubblewrap sandbox configuration.
+ #[serde(default)]
+ pub bubblewrap: BubblewrapConfig,
}
fn default_claude_command() -> String {
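Review bot: The doc comment on the new `bubblewrap` field does not say that sandboxing is opt-in or what it confines once enabled, which is the first thing an operator reading the config reference needs. I would expand it to `/// Bubblewrap sandbox configuration. Disabled unless enabled = true or --bubblewrap is passed; network access stays allowed unless network = false.` `ProcessConfig` begins outside this hunk, so whether neighbouring fields follow a fuller doc style is not visible here.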
@@ -198,6 +234,7 @@ impl Default for ProcessConfig {
max_concurrent_tasks: default_max_tasks(),
default_timeout_secs: 0,
env_vars: HashMap::new(),
+ bubblewrap: BubblewrapConfig::default(),
}
}
}
@@ -478,6 +515,11 @@ impl DaemonConfig {
// Log level is always set (has default)
config.logging.level = args.log_level.clone();
+ // Enable bubblewrap if --bubblewrap flag is set
+ if args.bubblewrap {
+ config.process.bubblewrap.enabled = true;
+ }
+
// Validate required fields after all sources are merged
config.validate()?;
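Review bot: Nothing in this hunk checks the sandbox settings once `enabled` is forced on, and `config.validate()` is defined outside the visible lines, so it is unclear whether it covers them. An operator who passes `--bubblewrap` expects the process to be confined, so the daemon should refuse to start, rather than fail at spawn time, when the launcher is unusable. A guard in `validate()` along the lines of `if bw.enabled && bw.bwrap_command.trim().is_empty() { /* return a config error */ }` would do that. The default `'bwrap'` is a bare name, presumably resolved through `PATH` by whatever spawns it, so the field's doc comment could recommend an absolute path for the binary that sets up the isolation boundary. The enclosing function starts and ends outside the hunk.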
@@ -511,6 +553,7 @@ impl DaemonConfig {
max_concurrent_tasks: 2,
default_timeout_secs: 0,
env_vars: HashMap::new(),
+ bubblewrap: BubblewrapConfig::default(),
},
local_db: LocalDbConfig {
path: PathBuf::from("/tmp/makima-daemon-test/state.db"),