diff --git a/claudebox.sh b/claudebox.sh
index ea4bb7b..1a1a02c 100644
--- a/claudebox.sh
+++ b/claudebox.sh
@@ -236,38 +236,42 @@ print_audit() {
   echo "${BOLD}${CYAN}=== Sandbox Environment ===${RESET}" >&2
   echo "" >&2
 
-  # Sandbox-generated (D-01)
-  echo "${BOLD}Sandbox-generated:${RESET}" >&2
+  # Unified env list: sandbox [~], host allowlisted [>], extra [+] (D-06, D-07, D-08, D-09, D-10)
   for var in "${AUDIT_SANDBOX_KEYS[@]}"; do
     if [[ "$var" == "PATH" ]]; then
-      echo "  ${GREEN}PATH=${RESET}" >&2
+      echo "  ${GREEN}[~]${RESET} PATH=" >&2
       IFS=':' read -ra path_entries <<< "${AUDIT_SANDBOX_VALS[PATH]}"
       for entry in "${path_entries[@]}"; do
-        echo "    ${DIM}${entry}${RESET}" >&2
+        echo "        ${DIM}${entry}${RESET}" >&2
       done
     else
-      echo "  ${GREEN}${var}=${RESET}$(mask_value "$var" "${AUDIT_SANDBOX_VALS[$var]}")" >&2
+      echo "  ${GREEN}[~]${RESET} ${var}=$(mask_value "$var" "${AUDIT_SANDBOX_VALS[$var]}")" >&2
     fi
   done
+
+  for var in "${AUDIT_HOST_KEYS[@]}"; do
+    echo "  ${YELLOW}[>]${RESET} ${var}=$(mask_value "$var" "${AUDIT_HOST_VALS[$var]}")" >&2
+  done
+
+  for var in "${AUDIT_EXTRA_KEYS[@]}"; do
+    echo "  ${CYAN}[+]${RESET} ${var}=$(mask_value "$var" "${AUDIT_EXTRA_VALS[$var]}")" >&2
+  done
+
   echo "" >&2
 
-  # Host allowlisted (D-01)
-  if (( ${#AUDIT_HOST_KEYS[@]} > 0 )); then
-    echo "${BOLD}Host (allowlisted):${RESET}" >&2
-    for var in "${AUDIT_HOST_KEYS[@]}"; do
-      echo "  ${YELLOW}${var}=${RESET}$(mask_value "$var" "${AUDIT_HOST_VALS[$var]}")" >&2
-    done
-    echo "" >&2
+  # Mounts section
+  echo "${BOLD}Mounts:${RESET}" >&2
+  printf '  %-12s %s   (read-write)\n' "CWD" "$CWD" >&2
+  printf '  %-12s %s   (read-write)\n' "~/.claude" "$HOME/.claudebox" >&2
+  if [[ "$CREDS_MOUNT" == true ]]; then
+    printf '  %-12s %s   (read-write)\n' "credentials" "$HOME/.claude/.credentials.json" >&2
   fi
 
-  # Extra from CLAUDEBOX_EXTRA_ENV (D-01)
-  if (( ${#AUDIT_EXTRA_KEYS[@]} > 0 )); then
-    echo "${BOLD}Extra (CLAUDEBOX_EXTRA_ENV):${RESET}" >&2
-    for var in "${AUDIT_EXTRA_KEYS[@]}"; do
-      echo "  ${YELLOW}${var}=${RESET}$(mask_value "$var" "${AUDIT_EXTRA_VALS[$var]}")" >&2
-    done
-    echo "" >&2
-  fi
+  echo "" >&2
+
+  # Network section (Phase 4 placeholder — full isolation comes in Phase 6)
+  echo "${BOLD}Network:${RESET}" >&2
+  echo "  full (host network)" >&2
 }
 
 # Env audit and confirmation (D-05, D-06, D-07, UX-01, UX-02, UX-03)