mrtoth/agent-sandbox
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Filter environment variables in both sandbox modes

Browse Source 
Whitelist mode now clears the parent env and re-adds a small allowlist
(identity, terminal, locale, proxy, non-GUI XDG, vendor prefixes).
Blacklist mode strips cloud credentials, backup passphrases, dangling
socket pointers, and anything matching *_TOKEN, *_SECRET, *_PASSWORD,
*_PASSPHRASE, *_API_KEY, *_PRIVATE_KEY, *_CLIENT_SECRET; vendor prefix
carve-outs keep ANTHROPIC_API_KEY and friends.

Users can override via --setenv KEY=VALUE and --unsetenv KEY (and the
corresponding TOML keys), or opt out of the built-in policy entirely
with --no-env-filter.
This commit is contained in:
Kristóf Tóth
2026-04-08 09:22:11 +02:00
parent 12644ae31e
commit 25f0037aab
8 changed files with 638 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config-example.toml
View File

@@ -12,6 +12,8 @@ rw = [
"~/.cargo",
"~/.rustup",
]
setenv = { DATABASE_URL = "postgres://localhost/dev" }
unsetenv = ["HTTP_PROXY", "HTTPS_PROXY"]
entrypoint = ["claude", "--dangerously-skip-permissions"]
[profile.blacklist]