toph/claudebox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Gsd/Phase 04 Auth Passthrough #1

Merged
toph merged 18 commits from gsd/phase-04-auth-passthrough into main 2026-04-10 12:27:33 +00:00
Conversation 0 Commits 18 Files changed 7 +24 -20
1 changed files with 24 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit def8e67126 - Show all commits

44
claudebox.sh
View file

@ -236,38 +236,42 @@ print_audit() {
echo "${BOLD}${CYAN}=== Sandbox Environment ===${RESET}" >&2 echo "${BOLD}${CYAN}=== Sandbox Environment ===${RESET}" >&2
echo "" >&2 echo "" >&2
# Sandbox-generated (D-01) # Unified env list: sandbox [~], host allowlisted [>], extra [+] (D-06, D-07, D-08, D-09, D-10)
echo "${BOLD}Sandbox-generated:${RESET}" >&2
for var in "${AUDIT_SANDBOX_KEYS[@]}"; do for var in "${AUDIT_SANDBOX_KEYS[@]}"; do
if [[ "$var" == "PATH" ]]; then if [[ "$var" == "PATH" ]]; then
echo " ${GREEN}PATH=${RESET}" >&2 echo " ${GREEN}[~]${RESET} PATH=" >&2
IFS=':' read -ra path_entries <<< "${AUDIT_SANDBOX_VALS[PATH]}" IFS=':' read -ra path_entries <<< "${AUDIT_SANDBOX_VALS[PATH]}"
for entry in "${path_entries[@]}"; do for entry in "${path_entries[@]}"; do
echo " ${DIM}${entry}${RESET}" >&2 echo " ${DIM}${entry}${RESET}" >&2
done done
else else
echo " ${GREEN}${var}=${RESET}$(mask_value "$var" "${AUDIT_SANDBOX_VALS[$var]}")" >&2 echo " ${GREEN}[~]${RESET} ${var}=$(mask_value "$var" "${AUDIT_SANDBOX_VALS[$var]}")" >&2
fi fi
done done
for var in "${AUDIT_HOST_KEYS[@]}"; do
echo " ${YELLOW}[>]${RESET} ${var}=$(mask_value "$var" "${AUDIT_HOST_VALS[$var]}")" >&2
done
for var in "${AUDIT_EXTRA_KEYS[@]}"; do
echo " ${CYAN}[+]${RESET} ${var}=$(mask_value "$var" "${AUDIT_EXTRA_VALS[$var]}")" >&2
done
echo "" >&2 echo "" >&2
# Host allowlisted (D-01) # Mounts section
if (( ${#AUDIT_HOST_KEYS[@]} > 0 )); then echo "${BOLD}Mounts:${RESET}" >&2
echo "${BOLD}Host (allowlisted):${RESET}" >&2 printf ' %-12s %s (read-write)\n' "CWD" "$CWD" >&2
for var in "${AUDIT_HOST_KEYS[@]}"; do printf ' %-12s %s (read-write)\n' "~/.claude" "$HOME/.claudebox" >&2
echo " ${YELLOW}${var}=${RESET}$(mask_value "$var" "${AUDIT_HOST_VALS[$var]}")" >&2 if [[ "$CREDS_MOUNT" == true ]]; then
done printf ' %-12s %s (read-write)\n' "credentials" "$HOME/.claude/.credentials.json" >&2
echo "" >&2
fi fi
# Extra from CLAUDEBOX_EXTRA_ENV (D-01) echo "" >&2
if (( ${#AUDIT_EXTRA_KEYS[@]} > 0 )); then
echo "${BOLD}Extra (CLAUDEBOX_EXTRA_ENV):${RESET}" >&2 # Network section (Phase 4 placeholder — full isolation comes in Phase 6)
for var in "${AUDIT_EXTRA_KEYS[@]}"; do echo "${BOLD}Network:${RESET}" >&2
echo " ${YELLOW}${var}=${RESET}$(mask_value "$var" "${AUDIT_EXTRA_VALS[$var]}")" >&2 echo " full (host network)" >&2
done
echo "" >&2
fi
} }
# Env audit and confirmation (D-05, D-06, D-07, UX-01, UX-02, UX-03) # Env audit and confirmation (D-05, D-06, D-07, UX-01, UX-02, UX-03)