fix: resolve snap bun filesystem confinement breaking setup#92
Open
Zer0phucks wants to merge 1 commit intogarrytan:mainfrom
Open
fix: resolve snap bun filesystem confinement breaking setup#92Zer0phucks wants to merge 1 commit intogarrytan:mainfrom
Zer0phucks wants to merge 1 commit intogarrytan:mainfrom
Conversation
Bun installed via snap runs in a sandbox that blocks access to files outside approved paths (including ~/.claude/). This causes: - EACCES on `bun install` (can't read package.json) - CouldntReadCurrentDirectory on `bun run <script>` - Same errors with `bunx` Fix: resolve bun at setup start, preferring ~/.bun/bin/bun (the official installer target) over whatever is in PATH. Fall back to PATH bun if ~/.bun/bin/bun doesn't exist. Also inline the build steps that `bun run build` would have invoked, since `bun run` fails with CouldntReadCurrentDirectory even with the non-snap bun on some Linux setups. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
Improves ./setup reliability on Linux systems where bun is installed via snap (and is subject to filesystem confinement), by explicitly selecting a non-snap bun binary and avoiding bun run/bunx paths that can fail under confinement.
Changes:
- Resolve
bunat the start of setup, preferring~/.bun/bin/bunover thebunfound in$PATH. - Inline the build steps instead of using
bun run build. - Replace
bunx playwright ...with"$BUN" x playwright ....
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
Comment on lines
+13
to
+15
| BUN="$(command -v bun)" | ||
| fi | ||
|
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
On Linux systems where
bunis installed via snap,./setupfails with cryptic errors:EACCES: Permission denied while opening package.json— snap sandbox blocks file access under~/.claude/CouldntReadCurrentDirectory—bun run <script>hits the same confinement wallbunx playwright install chromiumSnap apps run in a constricted sandbox that restricts filesystem access to approved paths. The
~/.claude/directory is not in that list.Fix
Resolve bun at setup start — prefer
~/.bun/bin/bun(the official installer's target) over whateverbunis in$PATH. Falls back to PATH bun if~/.bun/bin/bundoesn't exist, so non-snap installs are unaffected.Inline the build steps instead of using
bun run build—bun runfails withCouldntReadCurrentDirectoryeven with the non-snap bun on some Linux setups. The inlined commands (bun scripts/gen-skill-docs.ts,bun build --compile ...) work correctly.Replace
bunxwith"$BUN" xfor the Playwright install step.Test plan
~/.bun/bin/bunalso installed → uses~/.bun/bin/bun, succeedsbunx playwright install chromiumpath → replaced with"$BUN" x, no snap confinement issue🤖 Generated with Claude Code