Cool project, and I think there would be a lot of value in just logging all operations.

For just logging would it really give any more info than a trace already does?

Forgot about that, was mostly thinking about how AI agents with unrestricted permissions would ideally have some external logging and monitoring, so there would be a record of what it touched. A trace has all of the raw information, so some kind of wrapper around that would be useful.

	▲	afshinmeh 3 hours ago \| parent [-]
		I'd like to know what level of details you'd expect. Something like `zerobox -- claude`, then you get an output log like this: ``` Read file /etc/passwd Made network call to httpbin.org Write file /tmp/access ``` etc.? I'm really interested to hear your thoughts and I will add that feature (I need something like that, too).

▲

kimixa 13 minutes ago | parent | prev [-]

*strace that is - annoyingly it seems it was autocorrected away

	▲	afshinmeh 4 minutes ago \| parent [-]
		I think there is still a valid case for sandbox logs/otel. strace would give you the syscalls/traces but not _why_ a particular call was blocked in side the sandbox (e.g. the decision making bit).

▲

afshinmeh 4 hours ago | parent | prev [-]

Agreed. I added the `--debug` flag this morning. It does simple logging including the proxy calls:

```

$ zerobox --debug --allow-net=httpbin.org -- curl

2026-04-01T18:06:33.928486Z CONNECT blocked (client=127.0.0.1:59225, host=example.com, reason=not_allowed)

curl: (56) CONNECT tunnel failed, response 403

```

I'm planning on adding otel integration as well.