Fix the ssh logging level.
Currently the ssh commands is printed every time on an ssh connection.
While seeing the command is useful, we should print this when running
clan with the `--debug` flag.
Add a `require_flake` function that checks, if no argument is passed, if
we are in a clan directory.
If not will throw a helpful error.
Before `clan show`:
```
Traceback (most recent call last):
File "/nix/store/8kb3l3yvz6svygnxdlrw5lmd3h3chc8a-clan-cli/bin/.clan-wrapped", line 9, in <module>
sys.exit(main())
~~~~^^
File "/nix/store/8kb3l3yvz6svygnxdlrw5lmd3h3chc8a-clan-cli/lib/python3.13/site-packages/clan_cli/cli.py", line 493, in main
args.func(args)
~~~~~~~~~^^^^^^
File "/nix/store/8kb3l3yvz6svygnxdlrw5lmd3h3chc8a-clan-cli/lib/python3.13/site-packages/clan_cli/clan/show.py", line 12, in show_command
meta = get_clan_details(flake)
File "/nix/store/8kb3l3yvz6svygnxdlrw5lmd3h3chc8a-clan-cli/lib/python3.13/site-packages/clan_lib/clan/get.py", line 22, in get_clan_details
if flake.is_local and not flake.path.exists():
^^^^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute 'is_local'
```
with `require_flake`:
```
No clan flake found in the current directory or its parents - Use the --flake flag to specify a clan flake path or URL
```
Changed sandbox_exec_cmd to return a context manager that automatically
handles profile file cleanup. This ensures the temporary profile is
always removed, even if exceptions occur.
Adds macOS sandboxing support similar to Linux bubblewrap implementation:
- Created clan_lib/sandbox_exec module with sandbox profile creation
- Implemented file system isolation allowing only tmpdir and nix store access
- Added network restrictions (deny outbound except localhost)
- Integrated sandbox-exec command into vars generation on macOS
- Added comprehensive test suite for macOS sandbox functionality
- Fixed working directory handling for generators writing to CWD
Stores now get machine context from generator objects instead of storing
it internally. This enables future machine-independent generators and
reduces coupling.
- StoreBase.__init__ only takes flake parameter
- Store methods receive machine as explicit parameter
- Fixed all callers to pass machine context
