3 KiB
Phase 2: Env Audit and CLI Polish - Discussion Log
Audit trail only. Do not use as input to planning, research, or execution agents. Decisions are captured in CONTEXT.md — this log preserves the alternatives considered.
Date: 2026-04-09 Phase: 02-env-audit-and-cli-polish Areas discussed: Env audit display format, Confirmation and non-interactive behavior
Env Audit Display Format
Grouping
| Option | Description | Selected |
|---|---|---|
| Grouped by source | Three sections: Sandbox-generated, Host (allowlisted), Extra (CLAUDEBOX_EXTRA_ENV) | ✓ |
| Flat key=value list | Simple sorted list, no categories | |
| You decide | Claude's discretion |
User's choice: Grouped by source
Notes: User wants PATH split by : with one entry per line. Wants automatic spacing and color coding.
Color/Formatting
| Option | Description | Selected |
|---|---|---|
| gum (Charm TUI) | Rich formatting, handles terminal detection, adds ~15MB | |
| Plain ANSI codes | printf with escape sequences, zero dependencies | ✓ |
| You decide | Claude's discretion |
User's choice: Plain ANSI codes Notes: User initially considered gum but chose zero-dependency approach.
Value Masking
| Option | Description | Selected |
|---|---|---|
| Mask sensitive values | Pattern-match on var name, show first 7 + last 4 chars | ✓ |
| Show full values | Display everything as-is | |
| You decide | Claude's discretion |
User's choice: Mask sensitive values Notes: User asked about dependency for secret detection. Decided pattern-matching on var names is sufficient.
Masking Approach
| Option | Description | Selected |
|---|---|---|
| Pattern-match var names | Regex: KEY, TOKEN, SECRET, PASSWORD, CREDENTIAL | ✓ |
| Hardcoded list | Only mask ANTHROPIC_API_KEY specifically |
User's choice: Pattern-match var names
Confirmation and Non-Interactive Behavior
Prompt Style
| Option | Description | Selected |
|---|---|---|
| y/N prompt | Default abort, user must type 'y' | |
| Y/n prompt | Default proceed, Enter launches | ✓ |
| You decide | Claude's discretion |
User's choice: Y/n prompt (default proceed)
Non-TTY Behavior
| Option | Description | Selected |
|---|---|---|
| Auto-proceed | Behave as if --yes in non-interactive | |
| Abort if no TTY | Refuse to run without explicit --yes | ✓ |
| You decide | Claude's discretion |
User's choice: Abort if no TTY — forces scripts to opt-in with --yes
Output Destination
| Option | Description | Selected |
|---|---|---|
| stderr | Audit and prompt to stderr, stdout clean | ✓ |
| stdout | Everything to stdout |
User's choice: stderr
Claude's Discretion
--dry-runoutput format--checkdiagnostic depth and format- Exact ANSI color choices
- Flag parsing order
Deferred Ideas
None