mirror of
https://github.com/anthropic-experimental/sandbox-runtime.git
synced 2026-07-04 10:04:49 +08:00
Make the TypeScript generateProxyEnvVars the single source of truth for
proxy environment on Windows, matching macOS/Linux. srt-win exec no
longer synthesizes proxy variables or accepts --http-proxy/--socks-proxy;
it forwards its own environment to the sandboxed child verbatim, so the
caller must supply the desired proxy set.

- launch.rs: build_env_block() now passes std::env::vars() through
  unchanged (sorted for block ordering, no add/strip/dedup) plus the
  broker PID the self-protect smoke test reads. Drop the ExecSpec
  http_proxy/socks_proxy fields.
- main.rs: remove the --http-proxy/--socks-proxy flags from exec.
- windows-sandbox-utils.ts: wrapCommandWithSandboxWindows returns
  { argv, env }, where env merges generateProxyEnvVars(http, socks) over
  process.env. The child inherits the full proxy set (HTTP/HTTPS/ALL_PROXY
  plus DOCKER_*, GRPC_*, ...) through the spawn.
- sandbox-manager.ts / cli.ts: wrapWithSandboxArgv returns { argv, env }
  and the spawn sites pass env through; macOS/Linux return process.env
  unchanged (proxy env stays baked into the wrapped command there).
- tests: assert the proxy set rides in env, not argv flags; spawn helper
  forwards env; smoke-exec E5 now proves exec forwards the broker env to
  the child verbatim.

Also filter the generated TMPDIR (a POSIX path meant for the macOS/Linux
FS sandbox) out of the Windows child env, and route the smoke-exec
env-passthrough rows through a shared Invoke-WithEnv helper.