Fix Claude Code sandbox environment on Linux VMs #210

Merged
subsy merged 5 commits into main from claude/fix-vm-unhealthy-error-Qk9LF
Jan 23, 2026

subsy (Owner) commented Jan 23, 2026

Summary

This PR fixes Claude Code execution failures on Linux VMs (particularly when running as root) by automatically setting the IS_SANDBOX=1 environment variable when the skipPermissions option is enabled.

Changes

  • Environment variable handling: When skipPermissions is enabled, the IS_SANDBOX=1 environment variable is now automatically injected into the Claude Code execution environment
  • Error messaging: Updated the Claude Code troubleshooting guide to include guidance about setting IS_SANDBOX=1 on Linux VMs running as root
  • Backwards compatibility: The change merges the sandbox environment with any user-provided environment variables, ensuring existing configurations continue to work

Implementation Details

  • The sandbox environment is conditionally constructed based on the skipPermissions flag
  • Environment variables are merged using object spread syntax, allowing user-provided env options to override the default sandbox setting if needed
  • The troubleshooting message now includes a fifth step specifically addressing the Linux VM sandbox requirement

Summary by CodeRabbit

  • New Features

    • Enhanced environment variable handling when permission skipping is enabled to ensure the sandbox flag is propagated across execution paths.
  • Documentation

    • Updated setup guidance with an additional Linux-specific step to ensure the sandbox environment flag is present, especially when running as root.
  • Tests

    • Added tests verifying sandbox environment variable behaviour, including default, explicit, disabled and user-overridden cases.

…ermissions

On Linux VMs (especially running as root), Claude Code requires
IS_SANDBOX=1 in the environment when using --dangerously-skip-permissions.
Without it, Claude exits with a non-zero code, causing ralph-tui doctor
to mark the agent as UNHEALTHY.

Automatically inject IS_SANDBOX=1 into the spawned process environment
when skipPermissions is enabled. User-provided env vars can still
override this if needed.

https://claude.ai/code/session_01RESU72861v9zKL3p41DM2V
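
The merge order described in the PR description and commit message above, as an added TypeScript sketch that is not ralph-tui's code: `sandboxEnvFor`, `withSandboxEnv`, `flagSource` and the sample inputs are hypothetical names and constructed values. The last case goes beyond the page and shows that a key explicitly set to `undefined` also replaces the injected default.

```typescript
// Added illustration: hypothetical names, not ralph-tui's actual source.
type Env = Record<string, string | undefined>;
interface ExecuteOptions { env?: Env; }
type FlagSource = "injected" | "user-override" | "absent";

// The default sandbox env exists only when permission skipping is on.
function sandboxEnvFor(skipPermissions: boolean): Env {
  return skipPermissions ? { IS_SANDBOX: "1" } : {};
}

// Defaults first, caller's env last: with object spread the later key wins,
// so a user-provided IS_SANDBOX replaces the injected one.
function withSandboxEnv(
  skipPermissions: boolean,
  options: ExecuteOptions = {},
): ExecuteOptions {
  return {
    ...options,
    env: { ...sandboxEnvFor(skipPermissions), ...options.env },
  };
}

// Report where the final value came from, so a wrapper can log the decision.
function flagSource(
  skipPermissions: boolean,
  options: ExecuteOptions = {},
): FlagSource {
  const userEnv = options.env ?? {};
  if (Object.prototype.hasOwnProperty.call(userEnv, "IS_SANDBOX")) {
    return "user-override";
  }
  return skipPermissions ? "injected" : "absent";
}

// Constructed inputs: three cases the PR's tests describe, plus an
// explicit-undefined edge case that is not on the page.
const constructedCases = {
  skipOn: withSandboxEnv(true),
  skipOff: withSandboxEnv(false),
  userOverride: withSandboxEnv(true, { env: { IS_SANDBOX: "0", PATH: "/usr/bin" } }),
  userUnset: withSandboxEnv(true, { env: { IS_SANDBOX: undefined } }),
};
```

Logging the `flagSource` result next to each spawn records whether the flag was injected automatically or came from configuration. Whether a key whose value is `undefined` reaches the child process depends on the spawn layer in use.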

coderabbitai bot commented Jan 23, 2026

Walkthrough

When skipPermissions is enabled, the Claude plugin sets IS_SANDBOX=1 and merges it into the spawned CLI process environment across both execute paths. Tests were added to validate the variable is set, omitted, or overridden. Preflight guidance text was updated to include a Linux note.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Claude plugin core: src/plugins/agents/builtin/claude.ts | Added conditional injection of IS_SANDBOX=1 into options.env when skipPermissions is true, applied in both primary and secondary Claude execution paths; updated preflight guidance and example text to mention Linux-specific IS_SANDBOX requirement. |
| Tests for env propagation: tests/plugins/claude-agent.test.ts | Added tests that spy on BaseAgentPlugin.prototype.execute and use a test plugin to assert IS_SANDBOX is set when skipPermissions is true (explicit/default), absent when false, and can be overridden by user-provided env. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A tiny rabbit hops to say hello,
IS_SANDBOX=1 now helps the workflows flow.
Tests peek inside the env with cheer,
Linux gets a nod — the path is clear.
A small change, softly done — now onward we go! 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title directly and accurately summarizes the main change: adding IS_SANDBOX environment variable support for Claude Code on Linux VMs, which is the primary focus of both code and test changes. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

codecov bot commented Jan 23, 2026

Codecov Report

❌ Patch coverage is 55.55556% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 44.93%. Comparing base (355f086) to head (837c093).
⚠️ Report is 6 commits behind head on main.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| src/plugins/agents/builtin/claude.ts | 55.55% | 4 Missing ⚠️ |

@@            Coverage Diff             @@
##             main     #210      +/-   ##
==========================================
+ Coverage   44.87%   44.93%   +0.06%     
==========================================
  Files          84       84              
  Lines       24466    24475       +9     
==========================================
+ Hits        10978    10998      +20     
+ Misses      13488    13477      -11     

| Files with missing lines | Coverage Δ |
|---|---|
| src/plugins/agents/builtin/claude.ts | 54.82% <55.55%> (+2.63%) ⬆️ |

claude and others added 4 commits January 23, 2026 16:45
Verifies that:
- IS_SANDBOX=1 is set when skipPermissions is true (default)
- IS_SANDBOX is not set when skipPermissions is false
- User-provided env vars can override the sandbox env

Uses a test subclass that spawns /bin/sh to echo the env var,
allowing direct verification of environment propagation.

https://claude.ai/code/session_01RESU72861v9zKL3p41DM2V

The previous tests spawned /bin/sh to verify IS_SANDBOX propagation,
which failed in CI due to environment differences. Rewrite to spy on
BaseAgentPlugin.prototype.execute and verify the env options passed
to it directly, making the tests deterministic and CI-friendly.

https://claude.ai/code/session_01RESU72861v9zKL3p41DM2V

subsy merged commit 589efb9 into main Jan 23, 2026
9 checks passed
sakaman pushed a commit to sakaman/ralph-tui that referenced this pull request Feb 15, 2026
…-Qk9LF

Fix Claude Code sandbox environment on Linux VMs