
fix(sandbox): complete phase 3 violations and policy fixes#59

Merged
haowu1234 merged 1 commit into
agentic-in:mainfrom
haowu1234:feat/sandbox-fixes
Jun 1, 2026

Conversation

@haowu1234
Contributor

Summary

Addresses 6 issues identified in the sandbox capability review (all except Mother integration):

  • P0: allow_env fix: SecurityGuard.sanitize_env() now accepts an exempt_vars parameter; elephant sandbox allow env NODE_AUTH_TOKEN actually works
  • P0: deny_write fix: SeatbeltPolicyBuilder.add_deny_write_paths() generates real (deny file-write* (subpath ...)) rules
  • P1: Violation feedback: _detect_violations() parses stderr and maps it to structured diagnostics like sandbox:denied:write .git/hooks (protected: git hook injection prevention)
  • P1: Dead code elimination: from_config_section() now calls mode_to_policy() from sandbox_mode.py instead of duplicated inline logic
  • P2: Toolchain whitelist: add_toolchain_paths() auto-detects ~/.pyenv, ~/.nvm, ~/.rustup, ~/.cargo, etc.
  • P1: Verify command: the write_cwd probe adapts to readonly mode; the network probe verifies connectivity when allowed

Test plan

  • 174 unit tests pass
  • Live verified: allow_env exempts NODE_AUTH_TOKEN in sandbox
  • Live verified: deny_write blocks writes to specified paths
  • Live verified: violation diagnostics returned for .git/hooks write attempt
  • Live verified: mode_to_policy() correctly drives seatbelt options
  • Live verified: 4 modes differentiate correctly (17/17 E2E checks pass)

🤖 Generated with Claude Code
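The three mechanisms the summary names (an environment allow-list that overrides credential filtering, generation of seatbelt deny-write rules, and parsing sandbox denials out of stderr into structured diagnostics) sketched as one runnable Python example added for this page. It is not the project's code: the function names, the credential-name filter, the PROTECTED_PATHS table and the stderr line shape are all assumptions made here; only the `(deny file-write* (subpath ...))` rule syntax is real macOS seatbelt profile syntax.

```python
# Added example, not the project's code: sketches of the three mechanisms the
# PR summary describes. Function names, the SENSITIVE_PATTERNS filter, the
# PROTECTED_PATHS table and the stderr line shape are assumptions made for
# this example; the seatbelt rule syntax itself is real macOS profile syntax.
import re
from typing import Dict, Iterable, List, Optional

# Variables that look like credentials are stripped from the sandboxed
# environment unless explicitly exempted (constructed pattern).
SENSITIVE_PATTERNS = re.compile(r"(TOKEN|SECRET|PASSWORD|KEY)$", re.IGNORECASE)


def sanitize_env(env: Dict[str, str], exempt_vars: Iterable[str] = ()) -> Dict[str, str]:
    """Drop credential-looking variables unless named in exempt_vars.

    This is the allow_env behaviour: without an exemption NODE_AUTH_TOKEN is
    filtered out; with one, the token reaches the sandboxed process.
    """
    exempt = set(exempt_vars)
    return {k: v for k, v in env.items() if k in exempt or not SENSITIVE_PATTERNS.search(k)}


def build_deny_write_rules(paths: Iterable[str]) -> List[str]:
    """Emit one (deny file-write* (subpath ...)) rule per path for a seatbelt profile."""
    rules = []
    for path in paths:
        # Quote the path as a seatbelt string literal.
        escaped = path.replace("\\", "\\\\").replace('"', '\\"')
        rules.append(f'(deny file-write* (subpath "{escaped}"))')
    return rules


# Repo-relative paths that get a named reason in the diagnostic (assumed table).
PROTECTED_PATHS: Dict[str, str] = {
    ".git/hooks": "git hook injection prevention",
}

# Assumed stderr shape, e.g. "sandbox: deny file-write-create /repo/.git/hooks/pre-commit".
_DENY_RE = re.compile(r"deny\s+file-(write|read)\S*\s+(\S+)")


def _relative_to(path: str, cwd: str) -> str:
    """Return path relative to cwd when it lies inside cwd, else unchanged."""
    prefix = cwd.rstrip("/") + "/"
    return path[len(prefix):] if path.startswith(prefix) else path


def _protected_prefix(rel: str) -> Optional[str]:
    """Find the protected path that rel equals or lies beneath, if any."""
    for protected in PROTECTED_PATHS:
        if rel == protected or rel.startswith(protected + "/"):
            return protected
    return None


def detect_violations(stderr: str, cwd: str) -> List[str]:
    """Parse sandbox denials out of stderr into deduplicated diagnostics.

    A denial under a protected path is collapsed to the protected prefix and
    annotated with its reason; any other denial reports the path as-is.
    """
    diagnostics: List[str] = []
    for line in stderr.splitlines():
        match = _DENY_RE.search(line)
        if not match:
            continue
        op, rel = match.group(1), _relative_to(match.group(2), cwd)
        protected = _protected_prefix(rel)
        if protected is not None:
            diag = f"sandbox:denied:{op} {protected} (protected: {PROTECTED_PATHS[protected]})"
        else:
            diag = f"sandbox:denied:{op} {rel}"
        if diag not in diagnostics:
            diagnostics.append(diag)
    return diagnostics


if __name__ == "__main__":
    # Constructed sample run.
    env = {"PATH": "/usr/bin", "NODE_AUTH_TOKEN": "t0k", "AWS_SECRET_KEY": "s3c"}
    print(sanitize_env(env, exempt_vars=["NODE_AUTH_TOKEN"]))
    print("\n".join(build_deny_write_rules(["/repo/.git/hooks", "/repo/dist"])))
    sample_stderr = (
        "sandbox: deny file-write-create /repo/.git/hooks/pre-commit\n"
        "sandbox: deny file-write-data /repo/.git/hooks/pre-commit\n"
        "sandbox: deny file-write-create /tmp/out.txt\n"
    )
    for diag in detect_violations(sample_stderr, "/repo"):
        print(diag)
```

The point of collapsing denials to the protected prefix is that a single hook-write attempt can produce several low-level denials (create, then data), and the caller wants one actionable diagnostic naming the policy that fired rather than a stream of raw path errors.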

@netlify

netlify Bot commented May 29, 2026

Deploy Preview for rad-granita-26ed35 ready!

Name | Link
🔨 Latest commit | b928ef9
🔍 Latest deploy log | https://app.netlify.com/projects/rad-granita-26ed35/deploys/6a1cec439c4d9f0008e3f10f
😎 Deploy Preview | https://deploy-preview-59--rad-granita-26ed35.netlify.app

@haowu1234 force-pushed the feat/sandbox-fixes branch 7 times, most recently from 64e3f3b to 698d0d4 on May 29, 2026 07:30
- allow_env: SecurityGuard accepts exempt_vars, SeatbeltBackend passes it
- deny_write: SeatbeltPolicyBuilder.add_deny_write_paths() generates rules
- Violation feedback: _detect_violations() + ViolationStore + CLI command
- Wire sandbox_mode.py into from_config_section (eliminate dead code)
- safe/dev use restrict_file_read=False (allow-all-read + credential deny)
- verify: 9 probes including cred_protect, hooks_protect, env_filter
- file.write handler aligned with seatbelt (only block .git/hooks not all)
- Toolchain auto-detection + Xcode CLT + home dotfiles whitelist

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@haowu1234 force-pushed the feat/sandbox-fixes branch from 698d0d4 to b928ef9 on June 1, 2026 02:19
@haowu1234 changed the title from "fix(sandbox): wire mode_to_policy, violation feedback, allow_env/deny_write" to "fix(sandbox): complete phase 3 violations and policy fixes" on Jun 1, 2026
@haowu1234 merged commit b342fa5 into agentic-in:main on Jun 1, 2026
5 checks passed