feat(sandbox-ssh-fix): add plugin to fix git-over-SSH in macOS sandbox#59

Merged: cblecker merged 1 commit into main from feat/sandbox-ssh-fix on Jun 25, 2026

cblecker (Owner) commented Jun 25, 2026

Summary

  • Adds a new sandbox-ssh-fix plugin that works around anthropics/claude-code#70684
  • The Claude Code sandbox injects GIT_SSH_COMMAND with BSD nc -X 5 for SOCKS5 proxying, but nc on macOS doesn't support SOCKS5 authentication — breaking all git-over-SSH operations
  • A SessionStart hook detects the broken pattern and replaces it with ncat --proxy-type socks5 --proxy-auth (or falls back to plain ssh if ncat is unavailable)

Test plan

  • Restart Claude Code in the sandbox and verify GIT_SSH_COMMAND is overridden
  • Run git fetch --dry-run -v to confirm git-over-SSH works
  • Verify the plugin does nothing outside the sandbox (SANDBOX_RUNTIME unset)
  • Test fallback path when ncat is not installed

Summary by CodeRabbit

  • New Features
    • Added a new sandbox-ssh-fix plugin for Claude Code on macOS to address broken Git-over-SSH proxying in the sandbox.
    • Automatically detects the sandbox SSH proxy situation at session start and updates Git SSH behavior accordingly.
    • Uses a compatible SOCKS5 proxy approach when available, with a fallback that preserves stable direct SSH behavior.
  • Documentation
    • Updated the “Available Plugins” table and added plugin documentation to describe the workaround and activation conditions.

Copilot AI review requested due to automatic review settings June 25, 2026 21:47
coderabbitai Bot commented Jun 25, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 7e559937-ce63-4b16-b26f-564e7193cae5

📥 Commits

Reviewing files that changed from the base of the PR and between 2467d35 and acb1118.

📒 Files selected for processing (7)
  • .claude-plugin/marketplace.json
  • README.md
  • sandbox-ssh-fix/.claude-plugin/plugin.json
  • sandbox-ssh-fix/CLAUDE.md
  • sandbox-ssh-fix/README.md
  • sandbox-ssh-fix/hooks/hooks.json
  • sandbox-ssh-fix/scripts/fix-git-ssh.sh
✅ Files skipped from review due to trivial changes (3)
  • sandbox-ssh-fix/README.md
  • sandbox-ssh-fix/CLAUDE.md
  • sandbox-ssh-fix/.claude-plugin/plugin.json
🚧 Files skipped from review as they are similar to previous changes (4)
  • README.md
  • .claude-plugin/marketplace.json
  • sandbox-ssh-fix/hooks/hooks.json
  • sandbox-ssh-fix/scripts/fix-git-ssh.sh

Walkthrough

Adds a new sandbox-ssh-fix plugin to the marketplace and README, defines its plugin metadata, and wires a SessionStart hook to run a script that conditionally rewrites GIT_SSH_COMMAND in $CLAUDE_ENV_FILE.

Changes

Sandbox SSH fix plugin

| Layer / File(s) | Summary |
| --- | --- |
| Plugin registration and metadata: .claude-plugin/marketplace.json, sandbox-ssh-fix/.claude-plugin/plugin.json, README.md | The marketplace manifest, plugin metadata, and top-level README add sandbox-ssh-fix as an available plugin. |
| SessionStart SSH rewrite: sandbox-ssh-fix/hooks/hooks.json, sandbox-ssh-fix/scripts/fix-git-ssh.sh, sandbox-ssh-fix/CLAUDE.md, sandbox-ssh-fix/README.md | A SessionStart hook runs fix-git-ssh.sh, which checks sandbox and proxy conditions, parses ALL_PROXY, and writes GIT_SSH_COMMAND updates to $CLAUDE_ENV_FILE; the plugin docs describe the same flow. |

Sequence Diagram(s)

sequenceDiagram
  participant SessionStartHook
  participant FixGitSshScript
  participant ClaudeEnvFile
  SessionStartHook->>FixGitSshScript: runs ${CLAUDE_PLUGIN_ROOT}/scripts/fix-git-ssh.sh
  FixGitSshScript->>FixGitSshScript: checks SANDBOX_RUNTIME, GIT_SSH_COMMAND, ALL_PROXY, CLAUDE_ENV_FILE
  alt ncat is available
    FixGitSshScript->>ClaudeEnvFile: append export GIT_SSH_COMMAND with ProxyCommand using ncat
  else ncat is missing
    FixGitSshScript->>ClaudeEnvFile: append export GIT_SSH_COMMAND=ssh
  end
  FixGitSshScript->>ClaudeEnvFile: append SessionStart success message

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

A bunny hopped through sandbox night,
And nudged SSH to tunnel right.
With ncat charm or simple ssh,
The proxy maze went soft and free.
Thump-thump—new hops for git to see.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately summarizes the main change: adding the sandbox-ssh-fix plugin to address git-over-SSH issues in the macOS sandbox. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@sandbox-ssh-fix/scripts/fix-git-ssh.sh`:
- Around line 25-27: The ncat fallback in fix-git-ssh.sh currently writes a
plain GIT_SSH_COMMAND=ssh, which drops the no-mux SSH options and can still
break in the sandbox. Update the fallback branch in the script’s SSH command
setup so it preserves the existing no-multiplexing settings from the main path,
including ControlMaster=no and ControlPath=none, while still bypassing the
SOCKS5 proxy when ncat is unavailable.
- Around line 22-23: The exported GIT_SSH_COMMAND in fix-git-ssh.sh is being
written with broken shell quoting because ssh_cmd already contains single quotes
around ProxyCommand. Update the env-file write in the script to use shell-safe
escaping when appending to CLAUDE_ENV_FILE, keeping the existing ssh_cmd
construction intact and changing only how the export line is emitted.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: e62d016c-704b-47d8-b1c2-654aea979369

📥 Commits

Reviewing files that changed from the base of the PR and between 9d9ef2e and 2467d35.

📒 Files selected for processing (7)
  • .claude-plugin/marketplace.json
  • README.md
  • sandbox-ssh-fix/.claude-plugin/plugin.json
  • sandbox-ssh-fix/CLAUDE.md
  • sandbox-ssh-fix/README.md
  • sandbox-ssh-fix/hooks/hooks.json
  • sandbox-ssh-fix/scripts/fix-git-ssh.sh

Comment thread sandbox-ssh-fix/scripts/fix-git-ssh.sh Outdated
Comment thread sandbox-ssh-fix/scripts/fix-git-ssh.sh
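
The two review points above (shell-safe quoting of the export line, and a fallback that keeps the no-multiplexing options), as an added example that is not the plugin's fix-git-ssh.sh. The function names, the `scheme://user:pass@host:port` form of ALL_PROXY, and the sample value are assumptions; unlike the plugin, this sketch also falls back to plain ssh when the URL has no credentials.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from fix-git-ssh.sh.

# Quote $1 so a POSIX shell reads it back as one literal word:
# wrap it in single quotes and rewrite each embedded ' as '\''.
sh_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Split a proxy URL of the assumed form scheme://user:pass@host:port into
# PROXY_AUTH and PROXY_ADDR. Returns 1 when the URL carries no credentials.
parse_proxy() {
  rest=${1#*://}
  case $rest in *@*) ;; *) return 1 ;; esac
  PROXY_AUTH=${rest%@*}          # everything before the last '@'
  PROXY_ADDR=${rest##*@}         # host:port after the last '@'
  PROXY_ADDR=${PROXY_ADDR%%/*}   # drop any trailing path
}

# $1 = proxy URL, $2 = "yes" when ncat is installed.
# Both branches keep the no-multiplexing options.
build_git_ssh_command() {
  opts='-o ControlMaster=no -o ControlPath=none'
  if [ "$2" = yes ] && parse_proxy "$1"; then
    # ssh expands %-tokens in ProxyCommand, so a literal % is doubled,
    # then the credential is quoted for the shell ssh uses to run it.
    auth=$(printf '%s' "$PROXY_AUTH" | sed 's/%/%%/g')
    proxy="ncat --proxy-type socks5 --proxy $PROXY_ADDR --proxy-auth $(sh_quote "$auth") %h %p"
    printf 'ssh %s -o ProxyCommand=%s' "$opts" "$(sh_quote "$proxy")"
  else
    printf 'ssh %s' "$opts"
  fi
}

# The line to append to the env file: the whole command is quoted once more.
emit_export() {
  printf 'export GIT_SSH_COMMAND=%s\n' "$(sh_quote "$1")"
}

# Constructed sample value; the password contains a single quote.
SAMPLE_PROXY="socks5h://sbx:pa'ss@localhost:1080"
have_ncat=no; command -v ncat >/dev/null 2>&1 && have_ncat=yes
emit_export "$(build_git_ssh_command "$SAMPLE_PROXY" "$have_ncat")"
```

The value passes through three shells (the env file, git running GIT_SSH_COMMAND, ssh running ProxyCommand), so each layer is quoted separately. With this approach the proxy credentials appear in the env file and in ncat's argument list, where other local processes can read them.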

Copilot AI left a comment

Pull request overview

This PR adds a new sandbox-ssh-fix plugin to the marketplace that works around an upstream Claude Code bug (anthropics/claude-code#70684) where the macOS sandbox injects a GIT_SSH_COMMAND using BSD nc -X 5 for SOCKS5 proxying, which breaks git-over-SSH because macOS nc lacks SOCKS5 authentication. A SessionStart hook detects the broken pattern and rewrites GIT_SSH_COMMAND to use ncat (with credentials parsed from ALL_PROXY), falling back to plain ssh when ncat is absent. It fits the repo's flat, per-plugin marketplace structure and follows the existing SessionStart-hook pattern used by the git plugin.

Changes:

  • New sandbox-ssh-fix plugin: plugin.json, hooks/hooks.json, scripts/fix-git-ssh.sh, README.md, CLAUDE.md.
  • Registered the plugin in .claude-plugin/marketplace.json (strict) and the root README.md plugin table.
  • The hook gates on SANDBOX_RUNTIME, the broken nc -X 5 pattern, ALL_PROXY credentials, and CLAUDE_ENV_FILE before writing the override.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| sandbox-ssh-fix/scripts/fix-git-ssh.sh | Core hook script; constructs and exports the corrected GIT_SSH_COMMAND (has a quoting bug). |
| sandbox-ssh-fix/hooks/hooks.json | Registers the SessionStart hook pointing at the script. |
| sandbox-ssh-fix/.claude-plugin/plugin.json | Plugin manifest (name, version, description, author, keywords). |
| sandbox-ssh-fix/README.md | User-facing documentation of the problem, behavior, and prerequisites. |
| sandbox-ssh-fix/CLAUDE.md | Internal notes on detection logic and design rationale. |
| .claude-plugin/marketplace.json | Adds the plugin to the marketplace manifest. |
| README.md | Adds the plugin to the Available Plugins table. |

Comment thread sandbox-ssh-fix/scripts/fix-git-ssh.sh Outdated
Comment thread sandbox-ssh-fix/scripts/fix-git-ssh.sh Outdated
The Claude Code sandbox injects GIT_SSH_COMMAND with BSD nc for SOCKS5
proxying, but nc on macOS doesn't support SOCKS5 auth. This plugin
detects the broken pattern and replaces it with ncat or falls back to
plain ssh.

Workaround for anthropics/claude-code#70684

Assisted-by: Claude:claude-opus-4-6
@cblecker cblecker force-pushed the feat/sandbox-ssh-fix branch from 2467d35 to acb1118 Compare June 25, 2026 21:57
@cblecker

Owner Author

@CodeRabbit review

coderabbitai Bot commented Jun 25, 2026

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@cblecker cblecker merged commit d1123d1 into main Jun 25, 2026
12 checks passed
@cblecker cblecker deleted the feat/sandbox-ssh-fix branch June 25, 2026 23:13