feat(04-01): rewrite print_audit to unified env list with Mounts and Network sections
- Replace three-section audit with single unified list using [~]/[>]/[+] prefixes - [~] green = sandbox-generated, [>] yellow = host allowlisted, [+] cyan = extra - Prefixes are readable without color (accessibility requirement) - PATH retains multiline indented display - Add Mounts section: CWD, ~/.claude, and conditional credentials bind - Add Network section: 'full (host network)' as Phase 6 placeholder - All output to stderr, mask_value called for all env var values
parent
6465da8583
commit
def8e67126
1 changed files with 24 additions and 20 deletions
36
claudebox.sh
36
claudebox.sh
|
|
@ -236,38 +236,42 @@ print_audit() {
|
|||
echo "${BOLD}${CYAN}=== Sandbox Environment ===${RESET}" >&2
|
||||
echo "" >&2
|
||||
|
||||
# Sandbox-generated (D-01)
|
||||
echo "${BOLD}Sandbox-generated:${RESET}" >&2
|
||||
# Unified env list: sandbox [~], host allowlisted [>], extra [+] (D-06, D-07, D-08, D-09, D-10)
|
||||
for var in "${AUDIT_SANDBOX_KEYS[@]}"; do
|
||||
if [[ "$var" == "PATH" ]]; then
|
||||
echo " ${GREEN}PATH=${RESET}" >&2
|
||||
echo " ${GREEN}[~]${RESET} PATH=" >&2
|
||||
IFS=':' read -ra path_entries <<< "${AUDIT_SANDBOX_VALS[PATH]}"
|
||||
for entry in "${path_entries[@]}"; do
|
||||
echo " ${DIM}${entry}${RESET}" >&2
|
||||
done
|
||||
else
|
||||
echo " ${GREEN}${var}=${RESET}$(mask_value "$var" "${AUDIT_SANDBOX_VALS[$var]}")" >&2
|
||||
echo " ${GREEN}[~]${RESET} ${var}=$(mask_value "$var" "${AUDIT_SANDBOX_VALS[$var]}")" >&2
|
||||
fi
|
||||
done
|
||||
echo "" >&2
|
||||
|
||||
# Host allowlisted (D-01)
|
||||
if (( ${#AUDIT_HOST_KEYS[@]} > 0 )); then
|
||||
echo "${BOLD}Host (allowlisted):${RESET}" >&2
|
||||
for var in "${AUDIT_HOST_KEYS[@]}"; do
|
||||
echo " ${YELLOW}${var}=${RESET}$(mask_value "$var" "${AUDIT_HOST_VALS[$var]}")" >&2
|
||||
echo " ${YELLOW}[>]${RESET} ${var}=$(mask_value "$var" "${AUDIT_HOST_VALS[$var]}")" >&2
|
||||
done
|
||||
|
||||
for var in "${AUDIT_EXTRA_KEYS[@]}"; do
|
||||
echo " ${CYAN}[+]${RESET} ${var}=$(mask_value "$var" "${AUDIT_EXTRA_VALS[$var]}")" >&2
|
||||
done
|
||||
|
||||
echo "" >&2
|
||||
|
||||
# Mounts section
|
||||
echo "${BOLD}Mounts:${RESET}" >&2
|
||||
printf ' %-12s %s (read-write)\n' "CWD" "$CWD" >&2
|
||||
printf ' %-12s %s (read-write)\n' "~/.claude" "$HOME/.claudebox" >&2
|
||||
if [[ "$CREDS_MOUNT" == true ]]; then
|
||||
printf ' %-12s %s (read-write)\n' "credentials" "$HOME/.claude/.credentials.json" >&2
|
||||
fi
|
||||
|
||||
# Extra from CLAUDEBOX_EXTRA_ENV (D-01)
|
||||
if (( ${#AUDIT_EXTRA_KEYS[@]} > 0 )); then
|
||||
echo "${BOLD}Extra (CLAUDEBOX_EXTRA_ENV):${RESET}" >&2
|
||||
for var in "${AUDIT_EXTRA_KEYS[@]}"; do
|
||||
echo " ${YELLOW}${var}=${RESET}$(mask_value "$var" "${AUDIT_EXTRA_VALS[$var]}")" >&2
|
||||
done
|
||||
echo "" >&2
|
||||
fi
|
||||
|
||||
# Network section (Phase 4 placeholder — full isolation comes in Phase 6)
|
||||
echo "${BOLD}Network:${RESET}" >&2
|
||||
echo " full (host network)" >&2
|
||||
}
|
||||
|
||||
# Env audit and confirmation (D-05, D-06, D-07, UX-01, UX-02, UX-03)
|
||||
|
|
|
|||
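Review bot: The Mounts rows are printed from literals rather than from the bind list the sandbox is actually started with, so the audit the user is asked to confirm can drift from the real mounts; the `(read-write)` mode, including on `$HOME/.claude/.credentials.json`, is likewise a fixed string. The `~/.claude` row also mixes sides: its label looks like the in-sandbox path while its value is the host path `$HOME/.claudebox`, and the CWD and credentials rows show only one path each. I would print both sides on every row, e.g. `printf ' %-12s %s -> %s (read-write)\n' "claude-home" "$HOME/.claudebox" "~/.claude" >&2`, and derive the rows and their modes from the same data that configures the mounts. That mount code is outside this hunk, so the drift risk is inferred rather than shown. print_audit begins before the hunk.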