Skip to content

Isolated run: filesystem-level isolation (mount namespaces / overlay / chroot) #102

Description

@slowdini

Goal

Explore OS-level (filesystem) isolation as a stronger alternative to today's read-isolation mechanism.

Background

Today's read-isolation makes the off-condition skill physically absent: switch-condition removes the off-condition's staged slug from env/.claude/skills/ (and reset-batch wipes/re-seeds the env between groups). This works, but it depends on Claude Code's file-watcher retracting a skill directory on delete mid-session — an empirically-validated but harness-specific assumption.

A stronger, OS-level approach — per-condition mount namespaces, an overlay mount, or chroot — would give the control arm an empty view of env/.claude/skills/ without deleting any files, sidestepping the watcher-retraction question entirely.

Why it's not done yet

It's the strongest isolation option, but:

  • OS-specific — mount namespaces / overlayfs are Linux-centric; macOS and Windows need different mechanisms.
  • Outside Claude Code's "subagents inherit cwd" model — no per-subagent mount namespace is exposed, so this doesn't compose cleanly with in-session Task dispatch.

Captured here as future work while retiring docs/isolated-run.md (#100), where it lived as the "Alternatives considered / out of scope" item. Part of epic #74.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions