MembraneInputs

Defined in: src/sandbox.ts:163

optional apiKeyHelperPath?: string | null

Defined in: src/sandbox.ts:183

api-key mode: bind this helper script read-only (RO) so claude can exec it. RESIDUAL: the script is still cat-able by an in-sandbox agent, so this is host hygiene only (same class as audit R3/R4), NOT in-membrane secrecy.


claudeDir: string

Defined in: src/sandbox.ts:171

CLAUDE_CONFIG_DIR ?? ~/.claude (caller passes resolved).


optional extraEnv?: Record<string, string>

Defined in: src/sandbox.ts:179

Non-secret host env vars to pass through under --clearenv (e.g. LANG/TZ); caller builds this via collectPassthroughEnv. HOME/PATH/TERM are always set separately and must NOT be included here.


gitCommonDir: string

Defined in: src/sandbox.ts:166

ABSOLUTE shared object store (the worktree’s .git is a file pointing here).


home: string

Defined in: src/sandbox.ts:172


isolated: boolean

Defined in: src/sandbox.ts:168

false => session runs in repoPath (bind repoPath rw) instead of worktree+common.


optional maskCredentials?: boolean

Defined in: src/sandbox.ts:189

api-key mode: present /.credentials.json as GENUINELY ABSENT inside the sandbox (not an empty /dev/null overlay) by binding every child of claudeDir individually EXCEPT the credential file — matching the credential-less CLAUDE_CONFIG_DIR mirror (auth-config-dir.ts). Also skips the rw credentials bind. So no “Use custom API key?”/re-auth prompt fires.
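
The api-key mode fields described on this page (`maskCredentials`, `extraEnv`, `apiKeyHelperPath`) can be pictured as the argument list below; this is an added sketch, not code from `src/sandbox.ts`. Assumptions: the launcher accepts bubblewrap-style flags (`--dir`, `--bind`, `--ro-bind`, `--setenv` alongside the `--clearenv` named above), paths are bound at the same location inside the sandbox, and `ApiKeyModeInputs`, `apiKeyModeArgs` and the `children` list are hypothetical names.

```typescript
// Added illustration, not code from src/sandbox.ts.
// Assumption: the launcher takes bubblewrap-style flags.
interface ApiKeyModeInputs {
  claudeDir: string;                  // resolved config dir
  children: string[];                 // entry names directly under claudeDir
  extraEnv?: Record<string, string>;  // non-secret passthrough vars
  apiKeyHelperPath?: string | null;
}

const CREDENTIAL_FILE = ".credentials.json";
const RESERVED_ENV = ["HOME", "PATH", "TERM"]; // always set separately

function apiKeyModeArgs(inp: ApiKeyModeInputs): string[] {
  const args: string[] = ["--clearenv"];
  const env = inp.extraEnv ?? {};
  for (const name of Object.keys(env)) {
    if (RESERVED_ENV.indexOf(name) !== -1) {
      throw new Error(`${name} must not be passed through extraEnv`);
    }
    args.push("--setenv", name, env[name]);
  }
  // Start from an empty directory, then bind children one by one. The
  // credential file gets no bind at all, so the path does not exist inside,
  // unlike a /dev/null overlay, which leaves an empty file at that path.
  args.push("--dir", inp.claudeDir);
  for (const child of inp.children) {
    if (child === CREDENTIAL_FILE) continue;
    if (child === "." || child === ".." || child.indexOf("/") !== -1) {
      throw new Error(`not a direct child name: ${child}`);
    }
    const p = `${inp.claudeDir}/${child}`;
    args.push("--bind", p, p); // rw and same-path destination are assumptions
  }
  if (inp.apiKeyHelperPath) {
    // Read-only: executable inside, but still readable by the agent.
    args.push("--ro-bind", inp.apiKeyHelperPath, inp.apiKeyHelperPath);
  }
  return args;
}
```
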


nodeBinReal: string

Defined in: src/sandbox.ts:174

realpath of resolveNodeBin() (caller passes resolved).


repoPath: string

Defined in: src/sandbox.ts:169


optional term?: string

Defined in: src/sandbox.ts:175


worktreePath: string

Defined in: src/sandbox.ts:164