Implement sandboxed command execution layer #2
Description
Critical security component - AI-generated commands must run in isolated environment.
Requirements:
- Use Firejail or similar containerization
- Whitelist of allowed commands
- Resource limits (CPU, memory, disk)
- Dry-run mode (show what would execute)
- Rollback capability if command fails
- Comprehensive logging
Security Considerations:
- Never allow:
rm -rf /,dd, destructive operations - Require sudo only for package installation
- Timeout after 5 minutes
- Validate all file paths
Acceptance Criteria:
- Commands run in isolated environment
- Malicious commands blocked
- Resource limits enforced
- Security audit passed
- Performance overhead <10%
Skills: Linux security, containers, Python/C
Bounty: $500 upon security review + merge