From d3b9e43016dcdd80f06706952115c7d0e846690b Mon Sep 17 00:00:00 2001 From: Cal Corum Date: Tue, 7 Apr 2026 12:00:02 -0500 Subject: [PATCH] =?UTF-8?q?docs:=20sync=20KB=20=E2=80=94=20backlog-triage-?= =?UTF-8?q?sandbox-fix.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- scheduled-tasks/backlog-triage-sandbox-fix.md | 46 +++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 scheduled-tasks/backlog-triage-sandbox-fix.md diff --git a/scheduled-tasks/backlog-triage-sandbox-fix.md b/scheduled-tasks/backlog-triage-sandbox-fix.md new file mode 100644 index 0000000..5eb97e4 --- /dev/null +++ b/scheduled-tasks/backlog-triage-sandbox-fix.md 
@@ -0,0 +1,46 @@ +--- +title: "Backlog triage sandbox fix — repos.json outside working directory" +description: "Fix for backlog-triage scheduled task failing to read repos.json because the file was outside the claude -p sandbox (working_dir). Resolved by symlinking into the working directory." +type: troubleshooting +domain: scheduled-tasks +tags: [claude-code, backlog-triage, sandbox, runner, troubleshooting] +--- + +# Backlog Triage — repos.json Outside Sandbox + +**Date**: 2026-04-07 + +## Problem + +The `backlog-triage` scheduled task reported: + +> `~/.config/claude-scheduled/repos.json` is outside the allowed session directories and couldn't be read. + +The task fell back to querying all discoverable repos via Gitea instead of using the curated repo list. + +## Root Cause + +`claude -p` sandboxes file access to the **working directory** (`/mnt/NV2/Development/claude-home`). The `repos.json` file lives at `~/.config/claude-scheduled/repos.json` (`/home/cal/`), which is outside the sandbox. + +The `--allowedTools "Read(~/.config/claude-scheduled/repos.json)"` flag controls **tool permissions** (which tools the session can call), not **filesystem access**. The sandbox boundary is set by the working directory, and `allowedTools` cannot override it. + +## Fix + +1. **Symlinked** `repos.json` into the working directory: + ```bash + ln -sf /home/cal/.config/claude-scheduled/repos.json \ + /mnt/NV2/Development/claude-home/.claude/repos.json + ``` + +2. **Updated** `tasks/backlog-triage/prompt.md` to reference `.claude/repos.json` instead of the absolute home-dir path. + +3. **Updated** `tasks/backlog-triage/settings.json` allowed_tools to `Read(.claude/repos.json)`. + +## Key Lesson + +For `runner.sh` template tasks, any file the task needs to read **must be inside the working directory** or reachable via a symlink within it. The `--allowedTools` flag is a permissions layer on top of the sandbox — it cannot grant access to paths outside the sandbox. 
+ +## Also Changed (same session) + +- Removed `cognitive-memory` MCP from backlog-triage; replaced with `kb-search` (HTTP MCP at `10.10.0.226:8001/mcp`) for cross-referencing issue context against the knowledge base. +- Removed all `mcp__cognitive-memory__*` tools from allowed_tools; added `mcp__kb-search__search` and `mcp__kb-search__get_document`.
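Review bot: The Key Lesson's "or reachable via a symlink within it" needs a scoping caveat, because it means the working-directory boundary described under Root Cause is not applied to a link's target. Suggest stating explicitly that a symlink inside `/mnt/NV2/Development/claude-home` extends the session's read access to whatever it points at, so links should target single files (as with `repos.json` here) and never a directory such as `~/.config`. In Fix step 1, `ln -sf` will silently replace any existing `.claude/repos.json`; either mention that or have `runner.sh` copy the file into the working directory, which avoids a cross-boundary link altogether. The doc also does not say whether `.claude/repos.json` is git-ignored; since the link target is an absolute path under `/home/cal/`, a line on that would help. Under "Also Changed", the `kb-search` entry records an internal address reached over HTTP; worth adding whether that endpoint requires authentication, since the task now sends issue context to it.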