The GitHub Actions job "sandbox-lint" on magpie.git/feat/sandbox-credentials-envvars has failed. Run started by GitHub user potiuk (triggered by potiuk).
Head commit for run: 1ace26db8c14892ffe941e553b69717430ddf56b / Jarek Potiuk <[email protected]> feat(agent-isolation): protect secret env vars via sandbox.credentials Add a `sandbox.credentials.envVars` block (claude-code 2.1.187+) to the dogfooded `.claude/settings.json`, with `mode: "deny"` for the secret environment variables a sandboxed command could otherwise read. This closes a real gap: `sandbox.filesystem.denyRead` and the `permissions.deny[Read(...)]` rules are filesystem-only and do NOT stop a sandboxed Bash command from reading `$ANTHROPIC_API_KEY`, `$GH_TOKEN`, or dumping `env`. `sandbox.credentials.envVars` is the only layer that covers environment variables. `mode: "deny"` unsets the variable for sandboxed commands only — the unsandboxed agent process keeps its own auth, and sandbox-bypassed commands (e.g. `gh`, which authenticates via ~/.config/gh) are unaffected. Credential FILES are already covered by `denyRead: ["~/"]`, so only `envVars` is added. The annotated copy in docs/setup/secure-agent-setup.md is updated to match, documenting the env-var gap and the deny-vs-mask choice. Generated-by: Claude Code (Opus 4.8) Report URL: https://github.com/apache/magpie/actions/runs/28299822637 With regards, GitHub Actions via GitBox --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
