Bottles can now set "runtime": "runsc" to launch the agent container
under gVisor instead of runc, adding a userspace syscall barrier
between the agent and the host kernel. Default is runc (Docker
default). Pipelock stays on the default runtime per the research doc's
minimum-diff prescription.
The launcher verifies runsc is registered with the daemon before
launch, surfaces the runtime in the preflight plan, and dies with an
install pointer (and a macOS-not-supported note) when runsc is
requested but unavailable.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Drop docs/JOURNAL.md and .claude/skills/init-entry/, and update
CLAUDE.md, docs/INDEX.md, and claude-bottle.example.json so nothing
points at them anymore.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Worked example covering two bottles (one minimal, one with all three
env-entry modes, an SSH entry, and a wider egress allowlist) and three
agents that share them. Named .example.json so manifest_resolve does
not auto-load it when running cli.py from the repo root.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
didericis