Security improvements: per-group session isolation, remove built-in Gmail

- Isolate Claude sessions per-group (data/sessions/{group}/.claude/) to prevent cross-group access to conversation history - Remove Gmail MCP from built-in (now available via /add-gmail skill) - Add SECURITY.md documenting the security model - Move docs to docs/ folder (SPEC.md, REQUIREMENTS.md, SECURITY.md) - Update documentation to reflect changes Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 00:07:45 +02:00
parent 22eb525805
commit 05a29d562f
10 changed files with 153 additions and 100 deletions
--- a/src/container-runner.ts
+++ b/src/container-runner.ts
@@ -96,25 +96,15 @@ function buildVolumeMounts(group: RegisteredGroup, isMain: boolean): VolumeMount
    }
  }

-  // Claude sessions directory (for session persistence)
-  // Container runs as 'node' user with HOME=/home/node
-  const claudeDir = path.join(homeDir, '.claude');
-  if (fs.existsSync(claudeDir)) {
-    mounts.push({
-      hostPath: claudeDir,
-      containerPath: '/home/node/.claude',
-      readonly: false
-    });
-  }
-
-  const gmailDir = path.join(homeDir, '.gmail-mcp');
-  if (fs.existsSync(gmailDir)) {
-    mounts.push({
-      hostPath: gmailDir,
-      containerPath: '/home/node/.gmail-mcp',
-      readonly: false
-    });
-  }
+  // Per-group Claude sessions directory (isolated from other groups)
+  // Each group gets their own .claude/ to prevent cross-group session access
+  const groupSessionsDir = path.join(DATA_DIR, 'sessions', group.folder, '.claude');
+  fs.mkdirSync(groupSessionsDir, { recursive: true });
+  mounts.push({
+    hostPath: groupSessionsDir,
+    containerPath: '/home/node/.claude',
+    readonly: false
+  });

  // Per-group IPC namespace: each group gets its own IPC directory
  // This prevents cross-group privilege escalation via IPC