The GitHub Actions job "sandbox-lint" on 
magpie.git/feat/sandbox-credentials-envvars has failed.
Run started by GitHub user potiuk (triggered by potiuk).

Head commit for run:
1ace26db8c14892ffe941e553b69717430ddf56b / Jarek Potiuk <[email protected]>
feat(agent-isolation): protect secret env vars via sandbox.credentials

Add a `sandbox.credentials.envVars` block (claude-code 2.1.187+) to
the dogfooded `.claude/settings.json`, with `mode: "deny"` for the
secret environment variables a sandboxed command could otherwise
read.

This closes a real gap: `sandbox.filesystem.denyRead` and the
`permissions.deny[Read(...)]` rules are filesystem-only and do NOT
stop a sandboxed Bash command from reading `$ANTHROPIC_API_KEY`,
`$GH_TOKEN`, or dumping `env`. `sandbox.credentials.envVars` is the
only layer that covers environment variables.

`mode: "deny"` unsets the variable for sandboxed commands only — the
unsandboxed agent process keeps its own auth, and sandbox-bypassed
commands (e.g. `gh`, which authenticates via ~/.config/gh) are
unaffected. Credential FILES are already covered by
`denyRead: ["~/"]`, so only `envVars` is added.

The annotated copy in docs/setup/secure-agent-setup.md is updated to
match, documenting the env-var gap and the deny-vs-mask choice.

Generated-by: Claude Code (Opus 4.8)

Report URL: https://github.com/apache/magpie/actions/runs/28299822637

With regards,
GitHub Actions via GitBox


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to