Record agent proxy sandbox env bindings

[paudley]

Summary

• record sanitized sandbox env_bindings for agent API proxy routing and interception CA trust
• make agent-shell process env override host proxy variables only when explicit agent API proxy routing is valid
• document the evidence surface and fix the syncstate pass-status constant that blocked pre-push lint

Validation

• go test -buildvcs=false ./go/cmd/coding-ethos-run ./go/internal/sandbox ./go/internal/managedcapture -run 'TestAgentShell(ProcessEnvOverridesHostProxyWhenRoutingEnabled|EnvBindingsRecordNamesOnly)|TestAgentShellSandboxPlanRoutesThroughNativeWrapper|TestBuildPlanRequiredUsesNativeWrapper|TestCapturedProcessEnv' -count=1
• go test -buildvcs=false ./go/cmd/coding-ethos-run ./go/internal/sandbox ./go/internal/managedcapture ./go/internal/syncstate -run 'TestAgentShell(ProcessEnvOverridesHostProxyWhenRoutingEnabled|EnvBindingsRecordNamesOnly)|TestAgentShellSandboxPlanRoutesThroughNativeWrapper|TestBuildPlanRequiredUsesNativeWrapper|TestCapturedProcessEnv|Test' -count=1
• bin/coding-ethos-run policy-tool golangci-lint ./go/cmd/coding-ethos-run/... ./go/internal/sandbox/... ./go/internal/managedcapture/... ./go/internal/syncstate/...
• make build
• make check (passes with existing non-blocking testing.go_coverage_goal warning)
• bin/coding-ethos-run policy-git diff --check

Closes #52

[coderabbitai]

Warning

Review limit reached

@paudley, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 57 minutes and 36 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 8b61c3c0-0da6-4c9b-be75-b200782a5ed8

📥 Commits

Reviewing files that changed from the base of the PR and between c6f4f15 and 49c3e48.

📒 Files selected for processing (8)

• README.md
• docs/AGENT_PROXY.md
• go/cmd/coding-ethos-run/agent_shell_ca_env_test.go
• go/cmd/coding-ethos-run/main_test.go
• go/cmd/coding-ethos-run/runtime_exec.go
• go/internal/managedcapture/capture.go
• go/internal/sandbox/sandbox.go
• go/internal/syncstate/state.go

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch paudley/52-agent-api-transparent-proxy

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[Copilot]

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

[gemini-code-assist]

Code Review

This pull request updates the sandbox execution environment to record only the names of injected proxy and CA environment variables in the sandbox evidence (env_bindings), ensuring sensitive values like proxy URLs and CA paths are not leaked. It introduces the EnvBindings field to sandbox capabilities and evidence, refactors environment filtering logic in runtime_exec.go, adds comprehensive unit tests, and updates the documentation. Additionally, it refactors syncstate/state.go to use a constant for the "pass" status. There are no review comments, so we have no feedback to provide.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[paudley]

Stage 2 status:

• Review threads: none.
• Gemini Code Assist reported no review comments.
• CodeRabbit and Copilot only reported quota/rate-limit notices.
• All CI checks are passing.
• Direct squash merge was blocked by base branch policy, so squash auto-merge is enabled.

Remaining blocker: required human review.