Whitelist mode now clears the parent env and re-adds a small allowlist
(identity, terminal, locale, proxy, non-GUI XDG, vendor prefixes).
Blacklist mode strips cloud credentials, backup passphrases, dangling
socket pointers, and anything matching *_TOKEN, *_SECRET, *_PASSWORD,
*_PASSPHRASE, *_API_KEY, *_PRIVATE_KEY, *_CLIENT_SECRET; vendor prefix
carve-outs keep ANTHROPIC_API_KEY and friends.
Users can override via --setenv KEY=VALUE and --unsetenv KEY (and the
corresponding TOML keys), or opt out of the built-in policy entirely
with --no-env-filter.
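
An added example (not the project's code) sketching the policy described above, so the interaction between suffix patterns, vendor carve-outs and user overrides can be checked on a sample environment. Only the suffix patterns come from the commit message; the allowlist names, the explicit deny names, the `ANTHROPIC_` prefix rule, the `filter_env` signature and the override ordering are assumptions.

```python
from fnmatch import fnmatchcase

# Suffix patterns exactly as listed in the commit message.
DENY_GLOBS = ("*_TOKEN", "*_SECRET", "*_PASSWORD", "*_PASSPHRASE",
              "*_API_KEY", "*_PRIVATE_KEY", "*_CLIENT_SECRET")
# Assumed: prefix inferred from ANTHROPIC_API_KEY; the message names no others.
VENDOR_PREFIXES = ("ANTHROPIC_",)
# Assumed stand-ins for "cloud credentials" and "dangling socket pointers";
# neither name matches a suffix pattern, so each needs an explicit entry.
DENY_EXACT = {"AWS_SECRET_ACCESS_KEY", "SSH_AUTH_SOCK"}
# Assumed stand-ins for "identity, terminal, locale, proxy, non-GUI XDG".
ALLOW_GLOBS = ("HOME", "USER", "LOGNAME", "TERM", "LANG", "LC_*",
               "HTTP_PROXY", "HTTPS_PROXY", "NO_PROXY", "XDG_CONFIG_HOME")

def _matches(name, globs):
    return any(fnmatchcase(name, g) for g in globs)

def _is_vendor(name):
    return name.startswith(VENDOR_PREFIXES)

def filter_env(parent, mode="blacklist", setenv=None, unsetenv=(),
               no_env_filter=False):
    """Return the child environment derived from `parent`."""
    if no_env_filter:
        env = dict(parent)  # built-in policy skipped entirely
    elif mode == "whitelist":
        # Start from nothing: only allowlisted or vendor-prefixed names survive.
        env = {k: v for k, v in parent.items()
               if _is_vendor(k) or _matches(k, ALLOW_GLOBS)}
    else:
        # Start from everything: the vendor carve-out is checked before deny rules.
        env = {k: v for k, v in parent.items()
               if _is_vendor(k)
               or not (k in DENY_EXACT or _matches(k, DENY_GLOBS))}
    # Assumed ordering: user overrides apply last, unsetenv before setenv.
    for key in unsetenv:
        env.pop(key, None)
    env.update(setenv or {})
    return env

# Constructed parent environment; every value is a placeholder.
SAMPLE = {
    "HOME": "/home/dev", "TERM": "xterm-256color", "LC_ALL": "C.UTF-8",
    "EDITOR": "vi", "DISPLAY": ":0", "GITHUB_TOKEN": "placeholder",
    "DB_PASSWORD": "placeholder", "AWS_SECRET_ACCESS_KEY": "placeholder",
    "SSH_AUTH_SOCK": "/tmp/agent.sock", "ANTHROPIC_API_KEY": "placeholder",
}
```

In this sketch `EDITOR` and `DISPLAY` survive blacklist mode but not whitelist mode, which is the practical difference between the two policies for anything the deny patterns do not anticipate.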