For just logging would it really give any more info than a trace already does?
reply
Forgot about that, was mostly thinking about how AI agents with unrestricted permissions would ideally have some external logging and monitoring, so there would be a record of what it touched. A trace has all of the raw information, so some kind of wrapper around that would be useful.
reply
I'd like to know what level of detail you'd expect. Something like `zerobox -- claude`, then you get an output log like this:

```
Read file /etc/passwd
Made network call to httpbin.org
Write file /tmp/access
```

etc.? I'm really interested to hear your thoughts and I will add that feature (I need something like that, too).

reply
*strace that is - annoyingly it seems it was autocorrected away
reply
I think there is still a valid case for sandbox logs/otel. strace would give you the syscalls/traces but not _why_ a particular call was blocked inside the sandbox (e.g. the decision making bit).
reply
Agreed. I added the `--debug` flag this morning. It does simple logging including the proxy calls:

```
$ zerobox --debug --allow-net=httpbin.org -- curl
2026-04-01T18:06:33.928486Z CONNECT blocked (client=127.0.0.1:59225, host=example.com, reason=not_allowed)
curl: (56) CONNECT tunnel failed, response 403
```

I'm planning on adding otel integration as well.

reply
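Added example, not part of the thread and not zerobox's own code: a small parser that turns `--debug` decision lines like the one quoted above into a per-host record of blocked egress attempts. The line shape is inferred from that single quoted line; `parse_blocked`, `summarize` and the last two sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Shape taken from the one --debug line quoted in the thread. Any other verb,
# field or reason value the tool may emit is an assumption.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T[\d:.]+Z)\s+(?P<verb>[A-Z]+)\s+blocked\s+"
    r"\((?P<fields>[^)]*)\)\s*$"
)


def parse_blocked(line):
    """Return a dict for a 'blocked' decision line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # e.g. the wrapped program's own stderr
    fields = {}
    for pair in m.group("fields").split(","):
        key, sep, value = pair.strip().partition("=")
        if not sep:
            return None  # malformed key=value list: do not guess
        fields[key] = value
    return {"ts": m.group("ts"), "verb": m.group("verb"), **fields}


def summarize(lines):
    """Count blocked attempts per (host, reason), skipping non-decision output."""
    counts = Counter()
    for line in lines:
        rec = parse_blocked(line)
        if rec and "host" in rec:
            counts[(rec["host"], rec.get("reason", "unknown"))] += 1
    return counts


# First two lines are from the thread; the last two are constructed samples.
SAMPLE = """\
2026-04-01T18:06:33.928486Z CONNECT blocked (client=127.0.0.1:59225, host=example.com, reason=not_allowed)
curl: (56) CONNECT tunnel failed, response 403
2026-04-01T18:06:34.101200Z CONNECT blocked (client=127.0.0.1:59226, host=example.com, reason=not_allowed)
2026-04-01T18:06:35.000001Z CONNECT blocked (client=127.0.0.1:59230, host=test.invalid, reason=not_allowed)
""".splitlines()

if __name__ == "__main__":
    for (host, reason), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {host}  {reason}")
```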