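# Development shell that starts GitHub Desktop and Prism Launcher under
# bubblewrap with a throw-away HOME kept in ./.sandbox-home.
#
# NOTE(review): <nixpkgs> is resolved from the caller's NIX_PATH, so the
# package versions (including bubblewrap) are not pinned by this file.
{ pkgs ? import <nixpkgs> {} }:

pkgs.mkShell {
  buildInputs = [
    pkgs.prismlauncher
    pkgs.github-desktop
    pkgs.bubblewrap
  ];

  # Runs on every shell entry: prepares the private HOME and launches both
  # applications in the background.
  shellHook = ''
    # Pre-create the per-application config directories inside the private HOME.
    mkdir -p .sandbox-home/.config/github-desktop
    mkdir -p .sandbox-home/.config/PrismLauncher

    # sandboxed_run NAME
    #   Resolve NAME on PATH and start it in the background under bwrap.
    #   Returns 1 without launching anything when NAME cannot be resolved.
    #
    # What this wrapper isolates, as written:
    #   * /home inside the sandbox is ./.sandbox-home, so files under the
    #     host /home are hidden from the application.
    #
    # What it does NOT isolate (treat this as HOME redirection, not as a
    # security boundary):
    #   * --dev-bind / / exposes the whole host root, including device nodes,
    #     read-write with the calling user's permissions.
    #   * No --unshare-* option is passed, so network, PID and IPC namespaces
    #     are shared with the host.
    #   * The parent of the current directory is mounted read-write at
    #     /home/workspace.
    #   * XDG_RUNTIME_DIR is forwarded and reachable through the root bind;
    #     presumably it holds session sockets (confirm for your desktop).
    # Hardening to evaluate and test per application: --ro-bind for the root
    # with explicit writable paths, --unshare-all plus --share-net where
    # network is needed, --new-session, and --die-with-parent.
    sandboxed_run() {
      local app_path

      # Assign separately from "local" so a failed lookup is not masked, and
      # refuse to call bwrap with an empty program path.
      if ! app_path="$(command -v "$1")" || [ -z "$app_path" ]; then
        echo "sandboxed_run: '$1' not found on PATH; not launching." >&2
        return 1
      fi

      echo "Launching $1 from $app_path in sandboxed environment..."

      bwrap \
        --dev-bind / / \
        --bind "$(pwd)/.sandbox-home" /home \
        --bind "$(pwd)/.." /home/workspace \
        --setenv HOME /home \
        --setenv LANG en_US.UTF-8 \
        --setenv LC_ALL en_US.UTF-8 \
        --setenv DISPLAY "$DISPLAY" \
        --setenv WAYLAND_DISPLAY "$WAYLAND_DISPLAY" \
        --setenv XDG_RUNTIME_DIR "$XDG_RUNTIME_DIR" \
        --setenv PATH "$PATH" \
        "$app_path" &
    }

    sandboxed_run github-desktop
    sandboxed_run prismlauncher

    echo "Both applications launched in sandboxed writable .sandbox-home. Type 'exit' to quit this shell."
  '';
}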