Install: claude install-skill TokenDanceLab/AgentHub
# Env Sandbox — Agent Subprocess Environment Isolation
> Every time an agent subprocess is spawned, its environment is filtered. This
> skill documents the whitelist pattern, the single point of injection, and how
> to add new variables safely.
## When to Use
- When adding environment variables to agent subprocesses
- When debugging "agent CLI fails to start" issues through Edge Server
- When auditing or extending the whitelist
## Architecture
| File | Role |
|---|---|
| `edge-server/internal/lifecycle/env_sanitizer.go` | `SanitizedEnv()`, `IsSensitiveEnvKey()`, `isWhitelistedEnvKey()` |
| `edge-server/internal/lifecycle/process_executor.go` | `envForRun()` — single point where AGENTHUB_* runtime vars are appended |
| `edge-server/internal/runnerctx/context_budget.go` | `ContextBudget` model for token-tracking in stream parsers |
## Key Principles
1. **Whitelist, not blacklist** — Start from empty, only pass through known-safe variables.
2. **Single source of truth** — `envForRun` is the ONLY place `AGENTHUB_RUN_ID`, `AGENTHUB_PROJECT_ID`, and `AGENTHUB_THREAD_ID` are added. Adapters must never set these.
3. **Adapter env is nil** — Adapters return nil/empty env slice; no per-adapter env logic.
4. **Cross-platform** — Use `runtime.GOOS` for platform-specific whitelists (Windows vs Unix/macOS).
5. **Sensitive key detection** — `IsSensitiveEnvKey` catches `_KEY`, `_SECRET`, `_TOKEN`, `_PASSWORD` suffixes plus exact-match well-known secrets.
6. **XDG compliance** — Prefix
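
The following sketch ties principles 1, 2, 4 and 5 together. It is an added example, not AgentHub's own code: the names `sandboxEnv`, `sensitive`, `allowByOS` and `extraAllow`, the whitelist entries, and the sample values are all assumptions. Refusing a secret-shaped name even when someone has whitelisted it is also an assumption about how the two checks combine.

```go
package main

import (
	"fmt"
	"runtime"
	"strings"
)

// Assumed whitelists keyed by "is Windows"; the page does not list the real entries.
var allowByOS = map[bool][]string{
	true:  {"PATH", "SYSTEMROOT", "USERPROFILE", "TEMP"},
	false: {"PATH", "HOME", "LANG", "TERM"},
}

// sensitive applies the suffix rule from principle 5 (exact-match names omitted).
func sensitive(key string) bool {
	for _, suf := range []string{"_KEY", "_SECRET", "_TOKEN", "_PASSWORD"} {
		if strings.HasSuffix(strings.ToUpper(key), suf) {
			return true
		}
	}
	return false
}

// sandboxEnv starts empty, copies whitelisted non-sensitive entries from parent,
// then appends the AGENTHUB_* runtime values in exactly one place.
func sandboxEnv(parent, extraAllow []string, goos, runID, projectID, threadID string) []string {
	isWin := goos == "windows"
	allowed := map[string]bool{}
	for _, k := range append(append([]string{}, allowByOS[isWin]...), extraAllow...) {
		allowed[k] = !sensitive(k) // a secret-shaped name is refused even if whitelisted
	}
	var out []string
	for _, kv := range parent {
		key, _, ok := strings.Cut(kv, "=")
		if isWin {
			key = strings.ToUpper(key) // Windows variable names are case-insensitive
		}
		if ok && allowed[key] {
			out = append(out, kv)
		}
	}
	return append(out, "AGENTHUB_RUN_ID="+runID, "AGENTHUB_PROJECT_ID="+projectID, "AGENTHUB_THREAD_ID="+threadID)
}

func main() {
	parent := []string{"PATH=/usr/bin", "AWS_SECRET_ACCESS_KEY=constructed", "AGENTHUB_RUN_ID=spoofed"} // constructed
	fmt.Println(sandboxEnv(parent, []string{"DEPLOY_TOKEN"}, runtime.GOOS, "run-1", "proj-1", "thread-1"))
}
```

Because the parent's `AGENTHUB_RUN_ID` is not on the whitelist, an inherited or spoofed value never reaches the child; only the value appended at the end does.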