feat: rename working_dir→project_dir; git sandbox execution

- ClaudeConfig.WorkingDir → ProjectDir (json: project_dir)
- UnmarshalJSON fallback reads legacy working_dir from DB records
- New executions with project_dir clone into a temp sandbox via git clone --local
- Non-git project_dirs get git init + initial commit before clone
- After success: verify clean working tree, merge --ff-only back to project_dir, remove sandbox
- On failure/BLOCKED: sandbox preserved, path included in error message
- Resume executions run directly in project_dir (no re-clone)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2 files changed, 113 insertions, 7 deletions

diff --git a/internal/executor/claude.go b/internal/executor/claude.go
index c04a747..aa715da 100644
--- a/internal/executor/claude.go
+++ b/internal/executor/claude.go
@@ -55,10 +55,18 @@ func (r *ClaudeRunner) binaryPath() string {
 // Run executes a claude -p invocation, streaming output to log files.
 // It retries up to 3 times on rate-limit errors using exponential backoff.
 // If the agent writes a question file and exits, Run returns *BlockedError.
+//
+// When project_dir is set and this is not a resume execution, Run clones the
+// project into a temp sandbox, runs the agent there, then merges committed
+// changes back to project_dir. On failure the sandbox is preserved and its
+// path is included in the error.
 func (r *ClaudeRunner) Run(ctx context.Context, t *task.Task, e *storage.Execution) error {
-	if t.Claude.WorkingDir != "" {
-		if _, err := os.Stat(t.Claude.WorkingDir); err != nil {
-			return fmt.Errorf("working_dir %q: %w", t.Claude.WorkingDir, err)
+	projectDir := t.Claude.ProjectDir
+
+	// Validate project_dir exists when set.
+	if projectDir != "" {
+		if _, err := os.Stat(projectDir); err != nil {
+			return fmt.Errorf("project_dir %q: %w", projectDir, err)
 		}
 	}
 
@@ -82,6 +90,20 @@ func (r *ClaudeRunner) Run(ctx context.Context, t *task.Task, e *storage.Executi
 		e.SessionID = e.ID // reuse execution UUID as session UUID (both are UUIDs)
 	}
 
+	// For new (non-resume) executions with a project_dir, clone into a sandbox.
+	// Resume executions run directly in project_dir to pick up the previous session.
+	var sandboxDir string
+	effectiveWorkingDir := projectDir
+	if projectDir != "" && e.ResumeSessionID == "" {
+		var err error
+		sandboxDir, err = setupSandbox(projectDir)
+		if err != nil {
+			return fmt.Errorf("setting up sandbox: %w", err)
+		}
+		effectiveWorkingDir = sandboxDir
+		r.Logger.Info("sandbox created", "sandbox", sandboxDir, "project_dir", projectDir)
+	}
+
 	questionFile := filepath.Join(logDir, "question.json")
 	args := r.buildArgs(t, e, questionFile)
 
@@ -95,9 +117,12 @@ func (r *ClaudeRunner) Run(ctx context.Context, t *task.Task, e *storage.Executi
 			)
 		}
 		attempt++
-		return r.execOnce(ctx, args, t.Claude.WorkingDir, e)
+		return r.execOnce(ctx, args, effectiveWorkingDir, e)
 	})
 	if err != nil {
+		if sandboxDir != "" {
+			return fmt.Errorf("%w (sandbox preserved at %s)", err, sandboxDir)
+		}
 		return err
 	}
 
@@ -105,8 +130,89 @@ func (r *ClaudeRunner) Run(ctx context.Context, t *task.Task, e *storage.Executi
 	data, readErr := os.ReadFile(questionFile)
 	if readErr == nil {
 		os.Remove(questionFile) // consumed
+		// Preserve sandbox on BLOCKED — agent may have partial work.
 		return &BlockedError{QuestionJSON: strings.TrimSpace(string(data)), SessionID: e.SessionID}
 	}
+
+	// Merge sandbox back to project_dir and clean up.
+	if sandboxDir != "" {
+		if mergeErr := teardownSandbox(projectDir, sandboxDir, r.Logger); mergeErr != nil {
+			return fmt.Errorf("sandbox teardown: %w (sandbox preserved at %s)", mergeErr, sandboxDir)
+		}
+	}
+	return nil
+}
+
+// setupSandbox prepares a temporary git clone of projectDir.
+// If projectDir is not a git repo it is initialised with an initial commit first.
+func setupSandbox(projectDir string) (string, error) {
+	// Ensure projectDir is a git repo; initialise if not.
+	check := exec.Command("git", "-C", projectDir, "rev-parse", "--git-dir")
+	if err := check.Run(); err != nil {
+		// Not a git repo — init and commit everything.
+		cmds := [][]string{
+			{"git", "-C", projectDir, "init"},
+			{"git", "-C", projectDir, "add", "-A"},
+			{"git", "-C", projectDir, "commit", "--allow-empty", "-m", "chore: initial commit"},
+		}
+		for _, args := range cmds {
+			if out, err := exec.Command(args[0], args[1:]...).CombinedOutput(); err != nil { //nolint:gosec
+				return "", fmt.Errorf("git init %s: %w\n%s", projectDir, err, out)
+			}
+		}
+	}
+
+	tempDir, err := os.MkdirTemp("", "claudomator-sandbox-*")
+	if err != nil {
+		return "", fmt.Errorf("creating sandbox dir: %w", err)
+	}
+
+	// Clone into the pre-created dir (git clone requires the target to not exist,
+	// so remove it first and let git recreate it).
+	if err := os.Remove(tempDir); err != nil {
+		return "", fmt.Errorf("removing temp dir placeholder: %w", err)
+	}
+	out, err := exec.Command("git", "clone", "--local", projectDir, tempDir).CombinedOutput()
+	if err != nil {
+		return "", fmt.Errorf("git clone: %w\n%s", err, out)
+	}
+	return tempDir, nil
+}
+
+// teardownSandbox verifies the sandbox is clean, merges commits back to
+// projectDir via fast-forward, then removes the sandbox.
+func teardownSandbox(projectDir, sandboxDir string, logger *slog.Logger) error {
+	// Fail if agent left uncommitted changes.
+	out, err := exec.Command("git", "-C", sandboxDir, "status", "--porcelain").Output()
+	if err != nil {
+		return fmt.Errorf("git status: %w", err)
+	}
+	if len(strings.TrimSpace(string(out))) > 0 {
+		return fmt.Errorf("uncommitted changes in sandbox (agent must commit all work):\n%s", out)
+	}
+
+	// Check whether there are any new commits to merge.
+	ahead, err := exec.Command("git", "-C", sandboxDir, "rev-list", "--count", "origin/HEAD..HEAD").Output()
+	if err != nil {
+		// No origin/HEAD (e.g. fresh init with no prior commits) — proceed anyway.
+		logger.Warn("could not determine commits ahead of origin; proceeding with merge", "err", err)
+	}
+	if strings.TrimSpace(string(ahead)) == "0" {
+		// Nothing to merge — clean up and return.
+		os.RemoveAll(sandboxDir)
+		return nil
+	}
+
+	// Fetch new commits from sandbox into project_dir and fast-forward merge.
+	if out, err := exec.Command("git", "-C", projectDir, "fetch", sandboxDir, "HEAD").CombinedOutput(); err != nil {
+		return fmt.Errorf("git fetch from sandbox: %w\n%s", err, out)
+	}
+	if out, err := exec.Command("git", "-C", projectDir, "merge", "--ff-only", "FETCH_HEAD").CombinedOutput(); err != nil {
+		return fmt.Errorf("git merge --ff-only FETCH_HEAD: %w\n%s", err, out)
+	}
+
+	logger.Info("sandbox merged and cleaned up", "sandbox", sandboxDir, "project_dir", projectDir)
+	os.RemoveAll(sandboxDir)
 	return nil
 }
 
diff --git a/internal/executor/claude_test.go b/internal/executor/claude_test.go
index 056c7e8..31dcf52 100644
--- a/internal/executor/claude_test.go
+++ b/internal/executor/claude_test.go
@@ -224,7 +224,7 @@ func TestClaudeRunner_Run_InaccessibleWorkingDir_ReturnsError(t *testing.T) {
 	}
 	tk := &task.Task{
 		Claude: task.ClaudeConfig{
-			WorkingDir:   "/nonexistent/path/does/not/exist",
+			ProjectDir:   "/nonexistent/path/does/not/exist",
 			SkipPlanning: true,
 		},
 	}
@@ -235,8 +235,8 @@ func TestClaudeRunner_Run_InaccessibleWorkingDir_ReturnsError(t *testing.T) {
 	if err == nil {
 		t.Fatal("expected error for inaccessible working_dir, got nil")
 	}
-	if !strings.Contains(err.Error(), "working_dir") {
-		t.Errorf("expected 'working_dir' in error, got: %v", err)
+	if !strings.Contains(err.Error(), "project_dir") {
+		t.Errorf("expected 'project_dir' in error, got: %v", err)
 	}
 }