feat(bundle): opt-in session isolation via 'isolate: true'#13
Open
ivan-mihalic wants to merge 2 commits into
Open
feat(bundle): opt-in session isolation via 'isolate: true'#13ivan-mihalic wants to merge 2 commits into
ivan-mihalic wants to merge 2 commits into
Conversation
A bundle launch passes 'claude --plugin-dir <cache>', but in Claude Code 2.1.x --plugin-dir only ADDS the bundle on top of normal discovery: the user's globally-enabled plugins and ~/.claude skills still leak into the session. Add an opt-in 'isolate: true' bundle field that appends --bare, the documented lever that loads ONLY the --plugin-dir plugin (and its own skills/agents) while still honouring the bundle's --settings / --mcp-config. Default behaviour is unchanged (additive), so existing bundles are not affected. isolate is parsed + whitelisted in the manifest, overridable through extends (child wins), folded into the cache hash, and surfaced in 'umbel show' and the self-describing bundle.md.
The 'What's isolated, what leaks' README table claimed ~/.claude skills, agents and plugins were 'fully isolated' under a bundle. That is false for Claude Code 2.1.x: --plugin-dir only adds the bundle on top of normal discovery, so globally-enabled plugins and ~/.claude/skills leak into the session. Correct the table, document 'isolate: true' (→ --bare) as the lever that loads only the bundle, and add the field + invocation rule to the spec.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What & why
umbel run <bundle>launchesclaude --plugin-dir <cache>. In Claude Code 2.1.x--plugin-dironly adds the bundle plugin on top of normal discovery — it does not suppress the user's globally-enabled plugins (enabledPluginsin~/.claude/settings.json) or~/.claude/skills. So a bundle session still surfaces every globally-enabled skill/agent, even when the bundle declares its own narrow set.This contradicted the README's "What's isolated, what leaks" table, which claimed
~/.claude/skills,agents, andpluginswere "No — fully isolated".Change
Opt-in
isolate: truebundle field. When set, the launch prepends--bare— the documented Claude Code lever that loads only the--plugin-dirplugin (and its skills/agents), skipping user plugins,~/.claude/skills, and project-scope auto-discovery — while still honouring the bundle's own--settings/--mcp-config.Default behaviour is unchanged (additive), so existing bundles are unaffected — honouring the additive-only constraint.
Details
manifest.ts(boolean, rejects non-bool).extends:(scalar, child wins) incompose.ts.umbel show+ the self-describingbundle.md(compile.ts,claude-args.ts).isolateadded to the spec frontmatter table, composition rules, and the Invocation-block contract.Tests
claude-args.test.ts(default = no isolation;isolate: true⇒--bare; isolate still passes--settings).tsc --noEmitclean,biome checkclean.