docs(02-02): complete env audit display plan
This commit is contained in:
parent
b035f82cc7
commit
64cb190b5d
1 changed files with 63 additions and 0 deletions
|
|
@ -0,0 +1,63 @@
|
||||||
|
---
|
||||||
|
phase: 02-env-audit-and-cli-polish
|
||||||
|
plan: 02
|
||||||
|
subsystem: cli
|
||||||
|
tags: [env-audit, masking, confirmation-prompt, ux]
|
||||||
|
dependency_graph:
|
||||||
|
requires: [02-01]
|
||||||
|
provides: [print_audit, mask_value, env-confirmation-prompt]
|
||||||
|
affects: []
|
||||||
|
tech_stack:
|
||||||
|
added: []
|
||||||
|
patterns: [associative-arrays-for-audit-tracking, ansi-color-with-no-color-support, tty-detection]
|
||||||
|
key_files:
|
||||||
|
modified: [claudebox.sh]
|
||||||
|
decisions:
|
||||||
|
- "export RED removed after Task 2 made it used -- shellcheck satisfied by actual usage not export"
|
||||||
|
- "read from /dev/tty for prompt input to handle piped stdin correctly"
|
||||||
|
- "mask_value shows first 7 + last 4 chars for values >11 chars, *** for shorter"
|
||||||
|
metrics:
|
||||||
|
duration: 2min
|
||||||
|
completed: "2026-04-09T15:21:40Z"
|
||||||
|
tasks: 2
|
||||||
|
files: 1
|
||||||
|
---
|
||||||
|
|
||||||
|
# Phase 02 Plan 02: Env Audit Display and Confirmation Prompt Summary
|
||||||
|
|
||||||
|
Pre-launch env audit with grouped sections (sandbox/host/extra), sensitive value masking, PATH splitting, and interactive Y/n confirmation with TTY detection.
|
||||||
|
|
||||||
|
## Completed Tasks
|
||||||
|
|
||||||
|
| # | Task | Commit | Key Changes |
|
||||||
|
|---|------|--------|-------------|
|
||||||
|
| 1 | Add parallel display arrays and env audit display function | `1c986d2` | ANSI colors with NO_COLOR support, mask_value(), AUDIT_*_KEYS/VALS arrays, print_audit() with grouped sections and PATH splitting |
|
||||||
|
| 2 | Add confirmation prompt with TTY detection | `b035f82` | Proceed? [Y/n] prompt, TTY check via [[ -t 0 ]], non-TTY abort with actionable error, guarded by SKIP_AUDIT and DRY_RUN |
|
||||||
|
|
||||||
|
## Deviations from Plan
|
||||||
|
|
||||||
|
### Auto-fixed Issues
|
||||||
|
|
||||||
|
**1. [Rule 3 - Blocking] shellcheck SC2034 for RED variable**
|
||||||
|
- **Found during:** Task 1
|
||||||
|
- **Issue:** RED was defined in ANSI color block but only used by Task 2's confirmation prompt code (not yet written)
|
||||||
|
- **Fix:** Temporarily added `export RED` to satisfy shellcheck, then removed it in Task 2 commit after RED gained actual usage
|
||||||
|
- **Files modified:** claudebox.sh
|
||||||
|
- **Commit:** `1c986d2` (added), `b035f82` (removed)
|
||||||
|
|
||||||
|
## Verification Results
|
||||||
|
|
||||||
|
- `nix build` succeeds (shellcheck clean)
|
||||||
|
- `grep -q mask_value claudebox.sh` -- present
|
||||||
|
- `grep -q print_audit claudebox.sh` -- present
|
||||||
|
- `grep -q 'Proceed.*Y/n' claudebox.sh` -- present
|
||||||
|
- `grep -q 'SKIP_AUDIT.*true' claudebox.sh` -- present
|
||||||
|
- Script flow order verified: flag parsing -> --check -> binary resolution -> env construction -> audit arrays -> audit+prompt -> dry-run -> exec bwrap
|
||||||
|
|
||||||
|
## Threat Surface Scan
|
||||||
|
|
||||||
|
T-02-03 mitigated: mask_value() auto-masks any var name matching *KEY*, *TOKEN*, *SECRET*, *PASSWORD*, *CREDENTIAL* (case-insensitive via ${name^^}).
|
||||||
|
T-02-04 mitigated: mask_value() applies to all displayed vars regardless of source category.
|
||||||
|
T-02-05 mitigated: non-TTY stdin aborts with error, never auto-proceeds.
|
||||||
|
|
||||||
|
## Self-Check: PASSED
|
||||||
Loading…
Add table
Reference in a new issue