fix jail script a bit

dotfiles/config.fish

@@ -8,6 +8,12 @@ if status is-login
     #keychain --eval $SSH_KEYS_TO_AUTOLOAD 2> /dev/null | source
 end
 
+functions -q real_cd; or functions -c cd real_cd
+function cd
+    set -g PREV_PWD
+    real_cd $argv
+end
+
 function __project_jail_chpwd --on-variable PWD
     if set -q NORECURSE
         set -e NORECURSE
@@ -18,9 +24,9 @@ function __project_jail_chpwd --on-variable PWD
     end
 
     if test -x ~/.local/bin/project-jail
+        set -l back "$PREV_PWD"
+        test -n "$back"; or set back "$HOME"
         if ~/.local/bin/project-jail
-            set -l back "$dirprev[1]"
-            test -n "$back"; or set back "$HOME"
             set -g NORECURSE
             cd "$back"
         end

dotfiles/project_jail.py

@@ -4,16 +4,12 @@
 # Supply chain attack mitigation.
 # Written by GPT-5.4 and adapted slightly by hand.
 
-from __future__ import annotations
-
 import json
 import os
 import shutil
-import subprocess
 import sys
 from pathlib import Path
 
-
 CONFIG_PATH = Path.home() / ".config" / "jails.json"
 MARKER_ENV = "IN_PROJECT_JAIL"
 
@@ -21,7 +17,8 @@ PROFILES = {
     "rust": [
         ("rw", "~/.cargo/bin"),
         ("rw", "~/.cargo/git"),
-        ("ro", "~/.gitconfig")
+        ("ro", "~/.gitconfig"),
+        ("ro", "~/.rustup")
     ],
     "node": [
         ("rw", "~/.npm"),
@@ -72,7 +69,7 @@ def build_bwrap_command(entry: dict, cwd: Path) -> list[str]:
 
     state_dir = Path(os.environ.get("XDG_STATE_HOME", home / ".local" / "state")) / "project-jails"
     sandbox_name = entry.get("name") or project_root.name
-    sandbox_home = state_dir / sandbox_name / "home"
+    sandbox_home = state_dir / sandbox_name / os.path.expanduser("~")
     sandbox_tmp = state_dir / sandbox_name / "tmp"
 
     ensure_dir(sandbox_home)
@@ -154,6 +151,7 @@ def build_bwrap_command(entry: dict, cwd: Path) -> list[str]:
         shell,
         "-i",
     ]
+    print(cmd)
     print(f"-> sandbox profile {entry['profile']} for {entry['name']}")
     return cmd