- Replace --bind ~/.claudebox + --symlink with direct --bind ~/.claude ~/.claude
- Add compute_canonical_root() function using git rev-parse --git-common-dir
- Add per-project INSTANCE_DIR via sha256sum[:16] of canonical git root
- Overlay projects/ with per-project hash dir for isolated conversation history
- Overlay history.jsonl and SANDBOX.md as file-level bind mounts
- Update credential mount target from ~/.claudebox to ~/.claude
- Add CLAUDE_JSON_FILE (~/.claude.json) detection and conditional bind mount
- Remove stale CLAUDE.md injection logic (D-06: user's real CLAUDE.md used)
- Update dry-run block and print_audit to reflect new mount layout
- Update SANDBOX.md heredoc to remove ~/.claudebox reference
Phase 2: Env Audit and CLI Polish - Discussion Log
Audit trail only. Do not use as input to planning, research, or execution agents. Decisions are captured in CONTEXT.md — this log preserves the alternatives considered.
Date: 2026-04-09
Phase: 02-env-audit-and-cli-polish
Areas discussed: Env audit display format, Confirmation and non-interactive behavior
Env Audit Display Format
Grouping
| Option | Description | Selected |
|---|---|---|
| Grouped by source | Three sections: Sandbox-generated, Host (allowlisted), Extra (CLAUDEBOX_EXTRA_ENV) | ✓ |
| Flat key=value list | Simple sorted list, no categories | |
| You decide | Claude's discretion | |
User's choice: Grouped by source
Notes: User wants PATH split by : with one entry per line. Wants automatic spacing and color coding.
Color/Formatting
| Option | Description | Selected |
|---|---|---|
| gum (Charm TUI) | Rich formatting, handles terminal detection, adds ~15MB | |
| Plain ANSI codes | printf with escape sequences, zero dependencies | ✓ |
| You decide | Claude's discretion | |
User's choice: Plain ANSI codes
Notes: User initially considered gum but chose zero-dependency approach.
Value Masking
| Option | Description | Selected |
|---|---|---|
| Mask sensitive values | Pattern-match on var name, show first 7 + last 4 chars | ✓ |
| Show full values | Display everything as-is | |
| You decide | Claude's discretion | |
User's choice: Mask sensitive values
Notes: User asked about dependency for secret detection. Decided pattern-matching on var names is sufficient.
Masking Approach
| Option | Description | Selected |
|---|---|---|
| Pattern-match var names | Regex: KEY, TOKEN, SECRET, PASSWORD, CREDENTIAL | ✓ |
| Hardcoded list | Only mask ANTHROPIC_API_KEY specifically | |
User's choice: Pattern-match var names
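The two masking decisions above (name patterns, first 7 + last 4 characters) sketched in POSIX shell, as an added example that is not the project's own code. The function names, the case folding, the `...` separator and the `MIN_MASK_LEN` cutoff are assumptions.

```shell
#!/bin/sh
# Added example; function names, the "..." separator, case folding and
# MIN_MASK_LEN are assumptions, not the project's own code.
MIN_MASK_LEN=20   # hypothetical cutoff: shorter values are hidden entirely

# Succeeds when NAME contains one of the five patterns from the log.
is_sensitive_name() {
  case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
    *KEY*|*TOKEN*|*SECRET*|*PASSWORD*|*CREDENTIAL*) return 0 ;;
  esac
  return 1
}

# First 7 + last 4 characters. A value of 11 characters or fewer would be
# printed in full by that rule, so short values are masked completely.
mask_value() {
  if [ "${#1}" -lt "$MIN_MASK_LEN" ]; then
    printf '%s' '********'
  else
    # ${1%????} drops the last 4 chars; stripping that prefix leaves them.
    printf '%.7s...%s' "$1" "${1#"${1%????}"}"
  fi
}

# One audit entry on stdout; PATH is split on ':' with one entry per line.
audit_entry() {
  if is_sensitive_name "$1"; then
    printf '%s=%s\n' "$1" "$(mask_value "$2")"
  elif [ "$1" = PATH ]; then
    printf 'PATH=\n'
    printf '%s\n' "$2" | tr ':' '\n' | sed 's/^/  /'
  else
    printf '%s=%s\n' "$1" "$2"
  fi
}

# Constructed sample values, not real credentials. Audit goes to stderr.
{
  audit_entry ANTHROPIC_API_KEY 'sk-ant-EXAMPLE0000000000000000wxyz'
  audit_entry DB_PASSWORD 'hunter2'
  audit_entry PATH '/usr/local/bin:/usr/bin:/bin'
  audit_entry TERM 'xterm-256color'
} >&2
```

Substring matching also masks names such as `KEYBOARD_LAYOUT`; for an audit display that over-masking errs on the safe side.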
Confirmation and Non-Interactive Behavior
Prompt Style
| Option | Description | Selected |
|---|---|---|
| y/N prompt | Default abort, user must type 'y' | |
| Y/n prompt | Default proceed, Enter launches | ✓ |
| You decide | Claude's discretion | |
User's choice: Y/n prompt (default proceed)
Non-TTY Behavior
| Option | Description | Selected |
|---|---|---|
| Auto-proceed | Behave as if --yes in non-interactive | |
| Abort if no TTY | Refuse to run without explicit --yes | ✓ |
| You decide | Claude's discretion | |
User's choice: Abort if no TTY — forces scripts to opt-in with --yes
Output Destination
| Option | Description | Selected |
|---|---|---|
| stderr | Audit and prompt to stderr, stdout clean | ✓ |
| stdout | Everything to stdout | |
User's choice: stderr
Claude's Discretion
- --dry-run output format
- --check diagnostic depth and format
- Exact ANSI color choices
- Flag parsing order
Deferred Ideas
None