toph/claudebox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(04-01): rewrite print_audit to unified env list with Mounts and Network sections

Browse source 
- Replace three-section audit with single unified list using [~]/[>]/[+] prefixes
- [~] green = sandbox-generated, [>] yellow = host allowlisted, [+] cyan = extra
- Prefixes are readable without color (accessibility requirement)
- PATH retains multiline indented display
- Add Mounts section: CWD, ~/.claude, and conditional credentials bind
- Add Network section: 'full (host network)' as Phase 6 placeholder
- All output to stderr, mask_value called for all env var values
This commit is contained in:
Christopher Mühl 2026-04-10 09:21:15 +00:00
parent 6465da8583
commit def8e67126
1 changed files with 24 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
claudebox.sh
View file

@ -236,38 +236,42 @@ print_audit() {
echo "${BOLD}${CYAN}=== Sandbox Environment ===${RESET}" >&2 echo "${BOLD}${CYAN}=== Sandbox Environment ===${RESET}" >&2
echo "" >&2 echo "" >&2
# Sandbox-generated (D-01) # Unified env list: sandbox [~], host allowlisted [>], extra [+] (D-06, D-07, D-08, D-09, D-10)
echo "${BOLD}Sandbox-generated:${RESET}" >&2
for var in "${AUDIT_SANDBOX_KEYS[@]}"; do for var in "${AUDIT_SANDBOX_KEYS[@]}"; do
if [[ "$var" == "PATH" ]]; then if [[ "$var" == "PATH" ]]; then
echo " ${GREEN}PATH=${RESET}" >&2 echo " ${GREEN}[~]${RESET} PATH=" >&2
IFS=':' read -ra path_entries <<< "${AUDIT_SANDBOX_VALS[PATH]}" IFS=':' read -ra path_entries <<< "${AUDIT_SANDBOX_VALS[PATH]}"
for entry in "${path_entries[@]}"; do for entry in "${path_entries[@]}"; do
echo " ${DIM}${entry}${RESET}" >&2 echo " ${DIM}${entry}${RESET}" >&2
done done
else else
echo " ${GREEN}${var}=${RESET}$(mask_value "$var" "${AUDIT_SANDBOX_VALS[$var]}")" >&2 echo " ${GREEN}[~]${RESET} ${var}=$(mask_value "$var" "${AUDIT_SANDBOX_VALS[$var]}")" >&2
fi fi
done done
for var in "${AUDIT_HOST_KEYS[@]}"; do
echo " ${YELLOW}[>]${RESET} ${var}=$(mask_value "$var" "${AUDIT_HOST_VALS[$var]}")" >&2
done
for var in "${AUDIT_EXTRA_KEYS[@]}"; do
echo " ${CYAN}[+]${RESET} ${var}=$(mask_value "$var" "${AUDIT_EXTRA_VALS[$var]}")" >&2
done
echo "" >&2 echo "" >&2
# Host allowlisted (D-01) # Mounts section
if (( ${#AUDIT_HOST_KEYS[@]} > 0 )); then echo "${BOLD}Mounts:${RESET}" >&2
echo "${BOLD}Host (allowlisted):${RESET}" >&2 printf ' %-12s %s (read-write)\n' "CWD" "$CWD" >&2
for var in "${AUDIT_HOST_KEYS[@]}"; do printf ' %-12s %s (read-write)\n' "~/.claude" "$HOME/.claudebox" >&2
echo " ${YELLOW}${var}=${RESET}$(mask_value "$var" "${AUDIT_HOST_VALS[$var]}")" >&2 if [[ "$CREDS_MOUNT" == true ]]; then
done printf ' %-12s %s (read-write)\n' "credentials" "$HOME/.claude/.credentials.json" >&2
echo "" >&2
fi fi
# Extra from CLAUDEBOX_EXTRA_ENV (D-01) echo "" >&2
if (( ${#AUDIT_EXTRA_KEYS[@]} > 0 )); then
echo "${BOLD}Extra (CLAUDEBOX_EXTRA_ENV):${RESET}" >&2 # Network section (Phase 4 placeholder — full isolation comes in Phase 6)
for var in "${AUDIT_EXTRA_KEYS[@]}"; do echo "${BOLD}Network:${RESET}" >&2
echo " ${YELLOW}${var}=${RESET}$(mask_value "$var" "${AUDIT_EXTRA_VALS[$var]}")" >&2 echo " full (host network)" >&2
done
echo "" >&2
fi
} }
# Env audit and confirmation (D-05, D-06, D-07, UX-01, UX-02, UX-03) # Env audit and confirmation (D-05, D-06, D-07, UX-01, UX-02, UX-03)