Gsd/Phase 04 Auth Passthrough #1

Merged
toph merged 18 commits from gsd/phase-04-auth-passthrough into main 2026-04-10 12:27:33 +00:00

Author SHA1 Message Date
d106d1be5c fix: replace tilde with \$HOME in printf label (SC2088)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-10 12:26:35 +00:00
f40959c74f docs(phase-04): complete phase execution — credential passthrough + audit redesign 2026-04-10 09:33:55 +00:00
aa3c57a417 docs(04): add phase verification — all must-haves passed 2026-04-10 09:33:46 +00:00
de4549c3f2 fix(04): revert credentials to read-write mount per plan D-02; add AUTH-01/AUTH-02 to requirements 2026-04-10 09:32:14 +00:00
390812625d docs(04): add code review fix report 2026-04-10 09:28:11 +00:00
0922b752a5 fix(04): WR-02 add stride-3 guard and safe arithmetic in dry-run ENV_ARGS loop 2026-04-10 09:27:39 +00:00
adb9dd117d fix(04): CR-01 CR-02 WR-01 fix credential path and use read-only bind mount 2026-04-10 09:27:18 +00:00
112f604856 docs(04): add code review report 2026-04-10 09:25:49 +00:00
20fbd3f7d3 docs(04-01): complete credential mount and audit redesign plan
- Add 04-01-SUMMARY.md with task details, decisions, deviations, threat flags
2026-04-10 09:22:02 +00:00
def8e67126 feat(04-01): rewrite print_audit to unified env list with Mounts and Network sections
- Replace three-section audit with single unified list using [~]/[>]/[+] prefixes
- [~] green = sandbox-generated, [>] yellow = host allowlisted, [+] cyan = extra
- Prefixes are readable without color (accessibility requirement)
- PATH retains multiline indented display
- Add Mounts section: CWD, ~/.claude, and conditional credentials bind
- Add Network section: 'full (host network)' as Phase 6 placeholder
- All output to stderr, mask_value called for all env var values
2026-04-10 09:21:15 +00:00
6465da8583 feat(04-01): add credential file mount for OAuth passthrough
- Add CREDS_FILE/CREDS_MOUNT detection after mkdir ~/.claudebox
- Conditional --bind in exec bwrap via BWRAP_ARGS array
- Mirror conditional bind in --dry-run display block
- Read-write mount (not ro-bind) for OAuth token refresh
- Silent skip when credentials file absent (no error/warning)
- Refactor exec bwrap to BWRAP_ARGS array for conditional mount support
2026-04-10 09:20:18 +00:00
40e40e3f30 docs(04): create phase 4 plan — credential mount and audit redesign
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-10 09:11:05 +00:00
41bd51ed42 docs(04): capture phase context and discussion log 2026-04-10 09:06:17 +00:00
4852696b95 docs: create milestone v2.0 roadmap (4 phases) 2026-04-10 08:56:58 +00:00
7d4bf28c07 docs: define milestone v2.0 requirements 2026-04-10 08:52:20 +00:00
b2ece43a03 docs: complete v2.0 project research 2026-04-10 08:45:25 +00:00
3dfcb40e31 docs: start milestone v2.0 Network Isolation & Profiles 2026-04-10 08:30:13 +00:00
ee686a36eb chore: complete v1.0 MVP milestone
Archive milestone artifacts, evolve PROJECT.md, reorganize ROADMAP.md,
write retrospective. Requirements archived to milestones/v1.0-REQUIREMENTS.md.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 08:05:53 +00:00