pub fn build_sanitized_env(
current_env: &HashMap<String, String>,
sandbox_active: bool,
network_disabled: bool,
sandbox_type: &str,
writable_roots: &[&Path],
) -> HashMap<String, String>Expand description
Build a sanitized environment for sandboxed child processes.
Implements the Codex pattern: “Completely clear the environment and rebuild it with only the variables you actually want.”