fix(sandbox-ssh-fix): use PATH-based nc wrapper instead of replacing GIT_SSH_COMMAND#60

Merged: cblecker merged 1 commit into main from fix/sandbox-ssh-fix-nc-wrapper on Jun 26, 2026

cblecker (Owner) commented Jun 26, 2026

Summary

  • Sandbox env vars (SANDBOX_RUNTIME, GIT_SSH_COMMAND, ALL_PROXY) are not available to SessionStart hooks, so the original approach of replacing GIT_SSH_COMMAND at startup couldn't work
  • Ships an nc wrapper (bin/nc) that intercepts SOCKS5 proxy calls at runtime and delegates to ncat with auth credentials parsed from ALL_PROXY
  • SessionStart hook now just prepends the plugin's bin/ to PATH via CLAUDE_ENV_FILE

Test plan

  • claude --plugin-dir ./sandbox-ssh-fix shows sandbox-ssh-fix: added nc wrapper to PATH on startup
  • which nc resolves to the plugin's wrapper, not /usr/bin/nc
  • git ls-remote --heads git@github.com:cblecker/claude-plugins.git succeeds in sandbox

Summary by CodeRabbit

  • New Features

    • Added a wrapper that automatically uses authenticated SOCKS5 proxy support when available, with a safe fallback to the system nc.
    • Updated startup behavior so the bundled tools are added to the path during sandbox sessions.
  • Documentation

    • Refreshed the setup notes to explain the connection flow and fallback behavior more clearly.
  • Chores

    • Bumped the plugin version to 1.0.1.

Copilot AI review requested due to automatic review settings June 26, 2026 04:02

coderabbitai Bot commented Jun 26, 2026

📥 Commits

Reviewing files that changed from the base of the PR and between 1b59ba0 and 9ee2281.

📒 Files selected for processing (5)
  • sandbox-ssh-fix/.claude-plugin/plugin.json
  • sandbox-ssh-fix/CLAUDE.md
  • sandbox-ssh-fix/README.md
  • sandbox-ssh-fix/bin/nc
  • sandbox-ssh-fix/scripts/fix-git-ssh.sh
Walkthrough

The sandbox SSH plugin now prepends its bin directory to PATH, routes nc calls through a wrapper that can use ncat for authenticated SOCKS5 proxies, falls back to /usr/bin/nc, and updates the plugin metadata and documentation.

Changes

Sandbox SSH proxy flow

| Layer / File(s) | Summary |
| --- | --- |
| Session-start PATH hook: sandbox-ssh-fix/scripts/fix-git-ssh.sh, sandbox-ssh-fix/.claude-plugin/plugin.json | fix-git-ssh.sh now only appends ${CLAUDE_PLUGIN_ROOT}/bin to PATH in CLAUDE_ENV_FILE, and the plugin metadata bumps the version and updates the description. |
| Proxy wrapper and walkthrough: sandbox-ssh-fix/bin/nc, sandbox-ssh-fix/CLAUDE.md | bin/nc routes SOCKS5 requests through ncat when ALL_PROXY contains credentials, falls back to /usr/bin/nc, and CLAUDE.md documents that flow. |

Sequence Diagram(s)

sequenceDiagram
  participant Hook as fix-git-ssh.sh
  participant Env as CLAUDE_ENV_FILE
  participant SSH as ssh
  participant Wrapper as bin/nc
  participant Ncat as ncat
  participant RealNc as /usr/bin/nc
  Hook->>Env: append PATH=$CLAUDE_PLUGIN_ROOT/bin
  SSH->>Wrapper: resolve nc from PATH
  alt ALL_PROXY has credentials and ncat exists
    Wrapper->>Ncat: run with SOCKS5 proxy auth from ALL_PROXY
  else fallback
    Wrapper->>RealNc: exec original arguments
  end

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

  • cblecker/claude-plugins#59: Same sandbox-ssh-fix plugin; this prior PR added the session-start hook and GIT_SSH_COMMAND override logic that this PR replaces.

Pre-merge checks: ✅ 5 passed

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title clearly matches the main change: switching from GIT_SSH_COMMAND replacement to a PATH-based nc wrapper. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled. |
@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@sandbox-ssh-fix/bin/nc`:
- Around line 2-7: The current nc wrapper in the bin/nc script is too broad: it
reroutes every ALL_PROXY request with credentials through ncat and drops most of
the original argv, which breaks the required /usr/bin/nc fallback. Update the
wrapper logic so only SOCKS5 proxy invocations are intercepted and forwarded to
ncat, preserving the expected arguments for that case, while all other nc calls
continue to exec /usr/bin/nc unchanged.

In `@sandbox-ssh-fix/CLAUDE.md`:
- Around line 5-24: The README walkthrough is out of sync with the current
sandbox-SSH flow and still mentions the removed GIT_SSH_COMMAND override and old
activation checks. Update README.md to match the behavior described in CLAUDE.md
by documenting the SessionStart PATH prepending via CLAUDE_ENV_FILE, the
sandbox-provided GIT_SSH_COMMAND invoking nc -X 5, the bin/nc wrapper
intercepting SOCKS5 calls, parsing ALL_PROXY credentials, delegating to ncat
with proxy auth, and the 127.0.0.1 localhost workaround.

📥 Commits

Reviewing files that changed from the base of the PR and between d1123d1 and 1b59ba0.

📒 Files selected for processing (4)
  • sandbox-ssh-fix/.claude-plugin/plugin.json
  • sandbox-ssh-fix/CLAUDE.md
  • sandbox-ssh-fix/bin/nc
  • sandbox-ssh-fix/scripts/fix-git-ssh.sh

Comment thread sandbox-ssh-fix/bin/nc Outdated
Comment thread sandbox-ssh-fix/CLAUDE.md Outdated
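
The narrowing requested in the first inline comment above, as an added example that is not the plugin's bin/nc and not code from this PR: only an OpenBSD-style `nc -X 5 -x PROXY HOST PORT` call is rewritten to ncat, and every other call reaches the real nc with its argv intact. It assumes ALL_PROXY has the form scheme://user:pass@host:port; NCAT and REAL_NC are hypothetical override variables.

```shell
#!/bin/sh
# Added example, not the plugin's bin/nc. NCAT and REAL_NC are hypothetical
# override variables so the routing can be exercised without real binaries.

# Accept only "-X 5 -x PROXY HOST PORT" (flags in either order, joined or
# split). Anything else returns 1 so the caller falls back with argv untouched.
parse_nc_args() {
    proto='' PROXY_ADDR='' TARGET_HOST='' TARGET_PORT=''
    while [ $# -gt 0 ]; do
        case $1 in
            -X|-x) [ $# -ge 2 ] || return 1
                   if [ "$1" = -X ]; then proto=$2; else PROXY_ADDR=$2; fi
                   shift 2 ;;
            -X?*)  proto=${1#-X}; shift ;;
            -x?*)  PROXY_ADDR=${1#-x}; shift ;;
            -*)    return 1 ;;
            *)     break ;;
        esac
    done
    [ "$proto" = 5 ] && [ -n "$PROXY_ADDR" ] && [ $# -eq 2 ] || return 1
    TARGET_HOST=$1 TARGET_PORT=$2
}

# Print "user:pass" from scheme://user:pass@host:port (assumed ALL_PROXY form;
# no percent-decoding). Fails when either part is missing.
proxy_userinfo() {
    rest=${1#*://}
    case $rest in *@*) ;; *) return 1 ;; esac
    userinfo=${rest%@*}
    case $userinfo in ?*:?*) printf '%s\n' "$userinfo" ;; *) return 1 ;; esac
}

nc_wrapper() {
    if parse_nc_args "$@" && auth=$(proxy_userinfo "${ALL_PROXY:-}") &&
       command -v "${NCAT:-ncat}" >/dev/null 2>&1; then
        # --proxy-auth puts the credential on ncat's argv (visible in ps).
        exec "${NCAT:-ncat}" --proxy "$PROXY_ADDR" --proxy-type socks5 \
            --proxy-auth "$auth" "$TARGET_HOST" "$TARGET_PORT"
    fi
    exec "${REAL_NC:-/usr/bin/nc}" "$@"   # original arguments, unchanged
}

# Constructed demo: echo stands in for both binaries, so nothing connects.
( ALL_PROXY='socks5h://sbx:example-secret@localhost:1080' NCAT=echo REAL_NC=echo
  nc_wrapper -X 5 -x localhost:1080 github.com 22 )
( NCAT=echo REAL_NC=echo; nc_wrapper -z -w 5 github.com 22 )
```

Because the parser shifts only its own copy of the arguments, the fallback branch still sees exactly what the caller passed.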

Copilot AI left a comment

Pull request overview

This PR reworks the sandbox-ssh-fix plugin, which works around broken git-over-SSH in the Claude Code sandbox on macOS (anthropics/claude-code#70684). The previous approach rewrote GIT_SSH_COMMAND from the SessionStart hook, but the PR explains that sandbox env vars (SANDBOX_RUNTIME, GIT_SSH_COMMAND, ALL_PROXY) aren't available to the hook, so that approach couldn't work. The new approach ships an nc wrapper and only manipulates PATH at startup, deferring the actual proxy fix to runtime when ALL_PROXY is available.

Changes:

  • Adds a bin/nc wrapper that delegates SOCKS5 proxy calls to ncat with credentials parsed from ALL_PROXY, falling back to /usr/bin/nc.
  • Simplifies the SessionStart hook to prepend the plugin's bin/ to PATH via CLAUDE_ENV_FILE, removing the prior SANDBOX_RUNTIME/GIT_SSH_COMMAND/ALL_PROXY guards.
  • Updates CLAUDE.md and bumps plugin.json to 1.0.1 with a revised description.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| sandbox-ssh-fix/bin/nc | New PATH wrapper that rewrites nc SOCKS5 calls to ncat with auth; falls back to /usr/bin/nc. |
| sandbox-ssh-fix/scripts/fix-git-ssh.sh | Hook now only prepends bin/ to PATH instead of rewriting GIT_SSH_COMMAND. |
| sandbox-ssh-fix/CLAUDE.md | Rewrites docs to describe the wrapper-based approach. |
| sandbox-ssh-fix/.claude-plugin/plugin.json | Version bump to 1.0.1 and updated description. |

Note: sandbox-ssh-fix/README.md is not part of this PR but still documents the old GIT_SSH_COMMAND-replacement approach and a direct-SSH fallback that no longer exists; it is now inconsistent with the implementation and should be updated in a follow-up.



…GIT_SSH_COMMAND

Sandbox env vars (SANDBOX_RUNTIME, GIT_SSH_COMMAND, ALL_PROXY) are not
available to SessionStart hooks. Instead of trying to replace
GIT_SSH_COMMAND, ship an nc wrapper that intercepts SOCKS5 proxy calls
at runtime and delegates to ncat with auth credentials from ALL_PROXY.

The SessionStart hook now just prepends the plugin's bin/ to PATH via
CLAUDE_ENV_FILE. When SSH runs the ProxyCommand, the wrapper is found
first and handles the auth delegation transparently.

Assisted-by: Claude:claude-opus-4-6
@cblecker cblecker force-pushed the fix/sandbox-ssh-fix-nc-wrapper branch from 1b59ba0 to 9ee2281 June 26, 2026 04:16
@cblecker cblecker merged commit e51ee9c into main Jun 26, 2026
12 checks passed
@cblecker cblecker deleted the fix/sandbox-ssh-fix-nc-wrapper branch June 26, 2026 04:18