From b220c426140aaade8385d244dc49239ea688f454 Mon Sep 17 00:00:00 2001
From: JY Tan <jy8230@gmail.com>
Date: Fri, 19 Dec 2025 12:24:01 -0800
Subject: [PATCH] Refine log monitoring predicate to filter for specific
 session violations

---
 internal/sandbox/monitor.go | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/internal/sandbox/monitor.go b/internal/sandbox/monitor.go
index 82a7352..2dcb4d9 100644
--- a/internal/sandbox/monitor.go
+++ b/internal/sandbox/monitor.go
@@ -42,12 +42,10 @@ func (m *LogMonitor) Start() error {
 	ctx, cancel := context.WithCancel(context.Background())
 	m.cancel = cancel
 
-	// Build predicate to filter for our session's violations
-	// Note: We use the broader "_SBX" suffix to ensure we capture events
-	// even if there's a slight delay in log delivery
-	predicate := `eventMessage ENDSWITH "_SBX"`
+	// Build predicate to filter for this session's violations only
+	predicate := fmt.Sprintf(`eventMessage ENDSWITH "%s"`, m.sessionSuffix)
 
-	m.cmd = exec.CommandContext(ctx, "log", "stream",
+	m.cmd = exec.CommandContext(ctx, "log", "stream", //nolint:gosec // predicate is constructed from trusted session suffix
 		"--predicate", predicate,
 		"--style", "compact",
 	)