From def8e6712681f0a7d44bff789e3525902051e868 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christopher=20M=C3=BChl?=
Date: Fri, 10 Apr 2026 09:21:15 +0000
Subject: [PATCH] feat(04-01): rewrite print_audit to unified env list with Mounts and Network sections

- Replace three-section audit with single unified list using [~]/[>]/[+] prefixes
- [~] green = sandbox-generated, [>] yellow = host allowlisted, [+] cyan = extra
- Prefixes are readable without color (accessibility requirement)
- PATH retains multiline indented display
- Add Mounts section: CWD, ~/.claude, and conditional credentials bind
- Add Network section: 'full (host network)' as Phase 6 placeholder
- All output to stderr, mask_value called for all env var values
---
 claudebox.sh | 44 ++++++++++++++++++++++++--------------------
 1 file changed, 24 insertions(+), 20 deletions(-)

diff --git a/claudebox.sh b/claudebox.sh
index ea4bb7b..1a1a02c 100644
--- a/claudebox.sh
+++ b/claudebox.sh
@@ -236,38 +236,42 @@ print_audit() { echo "${BOLD}${CYAN}=== Sandbox Environment ===${RESET}" >&2 echo "" >&2 - # Sandbox-generated (D-01) - echo "${BOLD}Sandbox-generated:${RESET}" >&2 + # Unified env list: sandbox [~], host allowlisted [>], extra [+] (D-06, D-07, D-08, D-09, D-10) for var in "${AUDIT_SANDBOX_KEYS[@]}"; do if [[ "$var" == "PATH" ]]; then - echo " ${GREEN}PATH=${RESET}" >&2 + echo " ${GREEN}[~]${RESET} PATH=" >&2 IFS=':' read -ra path_entries <<< "${AUDIT_SANDBOX_VALS[PATH]}" for entry in "${path_entries[@]}"; do - echo " ${DIM}${entry}${RESET}" >&2 + echo " ${DIM}${entry}${RESET}" >&2 done else - echo " ${GREEN}${var}=${RESET}$(mask_value "$var" "${AUDIT_SANDBOX_VALS[$var]}")" >&2 + echo " ${GREEN}[~]${RESET} ${var}=$(mask_value "$var" "${AUDIT_SANDBOX_VALS[$var]}")" >&2 fi done + + for var in "${AUDIT_HOST_KEYS[@]}"; do + echo " ${YELLOW}[>]${RESET} ${var}=$(mask_value "$var" "${AUDIT_HOST_VALS[$var]}")" >&2 + done + + for var in "${AUDIT_EXTRA_KEYS[@]}"; do + echo " ${CYAN}[+]${RESET} ${var}=$(mask_value "$var" "${AUDIT_EXTRA_VALS[$var]}")" >&2 + done + echo "" >&2 - # Host allowlisted (D-01) - if (( ${#AUDIT_HOST_KEYS[@]} > 0 )); then - echo "${BOLD}Host (allowlisted):${RESET}" >&2 - for var in "${AUDIT_HOST_KEYS[@]}"; do - echo " ${YELLOW}${var}=${RESET}$(mask_value "$var" "${AUDIT_HOST_VALS[$var]}")" >&2 - done - echo "" >&2 + # Mounts section + echo "${BOLD}Mounts:${RESET}" >&2 + printf ' %-12s %s (read-write)\n' "CWD" "$CWD" >&2 + printf ' %-12s %s (read-write)\n' "~/.claude" "$HOME/.claudebox" >&2 + if [[ "$CREDS_MOUNT" == true ]]; then + printf ' %-12s %s (read-write)\n' "credentials" "$HOME/.claude/.credentials.json" >&2 fi - # Extra from CLAUDEBOX_EXTRA_ENV (D-01) - if (( ${#AUDIT_EXTRA_KEYS[@]} > 0 )); then - echo "${BOLD}Extra (CLAUDEBOX_EXTRA_ENV):${RESET}" >&2 - for var in "${AUDIT_EXTRA_KEYS[@]}"; do - echo " ${YELLOW}${var}=${RESET}$(mask_value "$var" "${AUDIT_EXTRA_VALS[$var]}")" >&2 - done - echo "" >&2 - fi + echo "" >&2 + + # 
Network section (Phase 4 placeholder — full isolation comes in Phase 6) + echo "${BOLD}Network:${RESET}" >&2 + echo " full (host network)" >&2 } # Env audit and confirmation (D-05, D-06, D-07, UX-01, UX-02, UX-03)
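Review bot: The Mounts and Network lines at the end of `print_audit` are hard-coded (`(read-write)` on every mount, `full (host network)`), so the screen the user confirms can drift from what the sandbox is really given; the code that builds the mounts is outside this hunk, but the audit would be more trustworthy if it rendered the same list that code uses. The second `printf` pairs the label `~/.claude` with `$HOME/.claudebox` without saying which is the host path and which the in-sandbox target, and a `source -> target` form such as `printf '  %-12s %s -> %s (read-write)\n' "claude home" "$HOME/.claudebox" "~/.claude" >&2` (direction assumed) would remove the ambiguity. `$CWD` and the variable values reach the terminal unescaped, so unless `mask_value` already strips control characters, a path or value containing escape sequences could change what this confirmation output appears to show; printing them with `printf '%q'` closes that. The loops over `AUDIT_HOST_KEYS` and `AUDIT_EXTRA_KEYS` also lost their `(( ${#...[@]} > 0 ))` guards, which aborts on an empty array if the script runs with `set -u` on bash older than 4.4.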