Awesome project - very cool work, and I'm genuinely glad to see one with security considerations baked in from the start.
Related to that, I'm excited to help close the gap on reliable sandboxing/isolation in a containerized workflow. In cyber, a usable secure-by-default workflow is critical for adoption, especially with increasing threats targeting autonomous coding systems.
TL;DR
- What: sandbox execution had reliability issues across container runtime/host combinations.
- Why: base image/tooling mismatches, container-host permission contexts, and runtime env details caused failures.
- How: I validated two approaches:
- Minimal-change path: keep
python:3.11-slim and install only what sandbox execution needs.
- Alternative path: dedicated Node-first sandbox image with tighter toolchain control.
I am proposing a PR with the minimal-change Python-slim approach first, and documenting the dedicated-image approach as a future option if you want stronger packaging/control boundaries.
Awesome project - very cool work, and I'm genuinely glad to see one with security considerations baked in from the start.
Related to that, I'm excited to help close the gap on reliable sandboxing/isolation in a containerized workflow. In cyber, a usable secure-by-default workflow is critical for adoption, especially with increasing threats targeting autonomous coding systems.
TL;DR
python:3.11-slimand install only what sandbox execution needs.I am proposing a PR with the minimal-change Python-slim approach first, and documenting the dedicated-image approach as a future option if you want stronger packaging/control boundaries.