1.5 KiB
1.5 KiB
| id | title | status | planted | trigger |
|---|---|---|---|---|
| SEED-002 | eBPF network session logging | planted | 2026-04-09 | observability or auditing milestone |
Idea
Use eBPF to trace network connections made inside the bwrap sandbox during a Claude Code session. Produces a retrospective log of all outbound connections (DNS lookups, HTTP endpoints, WebSocket connections) so the user can audit what the AI agent actually talked to.
Why
The current sandbox hides secrets and restricts filesystem access, but network activity inside the sandbox is opaque. You can't tell post-hoc whether Claude Code connected to unexpected endpoints, leaked data to third-party MCP servers, or made API calls you didn't expect.
When This Becomes Relevant
- When claudebox is stable enough that the next concern shifts from "does it work" to "what is it doing"
- When an observability/auditing phase is planned
- When MCP server connections inside the sandbox become common (more network surface area)
Rough Shape
- Attach eBPF probes to the bwrap namespace (connect(), sendto(), dns resolution)
- Log to a structured file in ~/.claudebox/sessions/{timestamp}.log
claudebox --audit-logto view the last session's network activity- Optionally: real-time display with
claudebox --watch-network
Open Questions
- Does bwrap's PID namespace make eBPF attachment straightforward or painful?
- Should this be a separate tool (
claudebox-audit) or integrated into the main script? - How to handle Nix store paths in the eBPF program (needs nix tooling or prebuilt binary)