From 229fc47d3d46d0e26300740ae85a0736e75f4e04 Mon Sep 17 00:00:00 2001
From: Timothy Allen
Date: Sun, 29 Mar 2026 15:16:36 +0200
Subject: [PATCH] Add utility to bubblewrap a coding agent (claude/pi)
---
 isolate | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 76 insertions(+)
 create mode 100755 isolate
diff --git a/isolate b/isolate
new file mode 100755
index 0000000..afc4b0c
--- /dev/null
+++ b/isolate
@@ -0,0 +1,76 @@
+#/bin/bash
+
+project_dir=$( pwd )
+
+bubblewrap=$( command -v bwrap )
+agents=(
+ $( command -v claude )
+ $( command -v pi )
+ $( command -v ps ) # for testing
+)
+
+if [[ "${project_dir}" = "${HOME}" ]]; then
+ echo "Not running in ${HOME}"
+ exit
+fi
+
+if [[ -n "${1}" ]] && [[ -n $( command -v "${1}" ) ]]; then
+ coder=$( command -v "${1}" ) && shift
+ args="${@}"
+else
+ echo "Please specify a coding agent"
+ exit
+fi
+
+if ! [[ " ${agents[@]} " =~ " ${coder} " ]]; then
+ echo "No agent found"
+ exit
+fi
+
+declare -a ro_binds
+declare -a binds
+
+ro_binds=(
+ /usr
+ /lib
+ /lib64
+ /bin
+ /etc/resolv.conf
+ /etc/hosts
+ /etc/ssl
+ /etc/passwd
+ /etc/group
+)
+
+for loc in "${HOME}/.gitconfig" "${HOME}/.local"; do
+ if [[ -e "${loc}" ]]; then
+ ro_binds+=("${loc}")
+ fi
+done
+
+binds=()
+
+for loc in "${HOME}/.claude" "${HOME}/.pi" "${project_dir}"; do
+ if [[ -e "${loc}" ]]; then
+ binds+=("${loc}")
+ fi
+done
+
+for i in "${!ro_binds[@]}"; do
+ ro_binds["${i}"]="--ro-bind ${ro_binds[${i}]} ${ro_binds[${i}]}"
+done
+for i in "${!binds[@]}"; do
+ binds["${i}"]="--bind ${binds[${i}]} ${binds[${i}]}"
+done
+
+${bubblewrap} \
+ ${ro_binds[@]} \
+ ${binds[@]} \
+ --tmpfs /tmp \
+ --proc /proc \
+ --dev /dev \
+ --share-net \
+ --unshare-pid \
+ --die-with-parent \
+ --chdir "${project_dir}" \
+ "$( command -v ${coder} )" "${args}"
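Review bot: The bind options near the end of the script are built as single strings (`"--ro-bind ${ro_binds[${i}]} ${ro_binds[${i}]}"`) and then expanded unquoted as `${ro_binds[@]}` and `${binds[@]}`, so any path containing whitespace or glob characters (`${project_dir}` and the `${HOME}` entries are the variable ones) is split into extra words that bwrap parses as separate arguments, and the sandbox's mount set is no longer the one the lists describe. Building one argument array with each flag and path as its own element and expanding it quoted removes the dependence on word splitting; the same applies to `args="${@}"`, which flattens the agent's arguments into one string and passes an empty argument when there are none, so that line can be dropped and `"$@"` passed after the `shift`. Separately, the first line `#/bin/bash` is missing the `!`, so bash is not selected by the kernel for a script that relies on `[[` and arrays; it should read `#!/bin/bash`. The guard `"${project_dir}" = "${HOME}"` rejects only the home directory itself, so a start directory of `/` or a parent of `${HOME}` would still be bound read-write and is worth rejecting as well.

```shell
# … unchanged: agent lookup and the ro_binds / binds path lists …
bwrap_args=()
for loc in "${ro_binds[@]}"; do
  bwrap_args+=(--ro-bind "${loc}" "${loc}")
done
for loc in "${binds[@]}"; do
  bwrap_args+=(--bind "${loc}" "${loc}")
done
bwrap_args+=(
  # … unchanged: --tmpfs /tmp through --die-with-parent …
  --chdir "${project_dir}"
)

"${bubblewrap}" "${bwrap_args[@]}" "${coder}" "$@"
```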