feat(sandbox-lint): add --any-harness posture check; declare harness agnostic#839
Merged
Merged
Conversation
potiuk
approved these changes
Jul 12, 2026
…agnostic For runtimes without a dedicated settings file (Codex, Cursor, Gemini CLI, Kiro, and others), the security posture comes from the two OS-level enforcement components that are now harness-agnostic: * Layer 0 — clean-env credential strip: tools/agent-isolation/agent-iso.sh (made harness-agnostic by harness-posture-portability) * Layer 3 — action guard harness-neutral path: tools/agent-guard/ dispatch core with --exec (added by harness-guard-exec-mode) sandbox-lint --any-harness [FRAMEWORK_ROOT] checks that both components are present in the framework tree. FRAMEWORK_ROOT defaults to the nearest ancestor directory containing tools/agent-isolation/ (auto-detected by walking up from CWD). Exits 0 when both are present, 1 otherwise. Changes: - New tools/sandbox-lint/src/sandbox_lint/posture.py: PostureViolation, check_posture_violations(), find_framework_root() - New tools/sandbox-lint/tests/test_posture.py: 12 tests (unit + CLI) - tools/sandbox-lint/src/sandbox_lint/__init__.py: --any-harness flag wired to _lint_any_harness(); argparse uses nargs="?" const=True / default=None - tools/sandbox-lint/README.md: **Harness:** agnostic, new "Harness-neutral posture check (any runtime)" section with layer table - docs/vendor-neutrality.md: refresh generated block (sandbox-lint moves from portable → agnostic, any-harness count 17 → 18) All 77 tests pass. mypy clean. ruff clean. Generated-by: Claude (claude-sonnet-4-6)
4306e0f to
c0f8e90
Compare
potiuk
approved these changes
Jul 12, 2026
potiuk
left a comment
Member
There was a problem hiding this comment.
Rebased onto latest main (regenerated docs/vendor-neutrality.md to resolve the sole conflict). sandbox-lint tests, ruff, mypy, and the vendor-neutrality regen all pass locally. Clean, well-tested addition of the --any-harness posture check. Approving.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
For runtimes without a dedicated settings file (Codex, Cursor, Gemini CLI,
Kiro, and others), the security posture comes from the two OS-level
enforcement components that are now harness-agnostic:
(made harness-agnostic by harness-posture-portability)
core with --exec (added by harness-guard-exec-mode)
sandbox-lint --any-harness [FRAMEWORK_ROOT] checks that both components are
present in the framework tree. FRAMEWORK_ROOT defaults to the nearest ancestor
directory containing tools/agent-isolation/ (auto-detected by walking up from
CWD). Exits 0 when both are present, 1 otherwise.
Changes:
check_posture_violations(), find_framework_root()
to _lint_any_harness(); argparse uses nargs="?" const=True / default=None
posture check (any runtime)" section with layer table
from portable → agnostic, any-harness count 17 → 18)
All 77 tests pass. mypy clean. ruff clean.
Generated-by: Claude (claude-sonnet-4-6)
Type of change
.claude/skills/<name>/) — eval fixtures updated belowtools/<system>/*.md)tools/*/withpyproject.toml)docs/,README.md,CONTRIBUTING.md)projects/_template/)prek, workflows, validators)Test plan
prek run --all-filespassesuv run pytest/ruff check/mypypasses(
PYTHONPATH=tools/skill-evals/src python3 -m skill_evals.runner tools/skill-evals/evals/<skill>/)(a regression test for the bug fixed / the behaviour added — see CONTRIBUTING.md)