Restrict bubblewrap /proc and /dev exposure

[Copilot]

The bubblewrap sandbox was mounting full /proc and /dev, exposing process metadata and device nodes to sandboxed scripts. This narrows the sandbox surface to only the device files needed by typical execution.

• Sandbox mounts

  • Removed full /proc mount.
  • Replaced full /dev mount with explicit device binds:

    "--dev-bind", "/dev/null", "/dev/null",
    "--dev-bind", "/dev/zero", "/dev/zero",
    "--dev-bind", "/dev/urandom", "/dev/urandom",

• Shared bwrap helper

  • Aligned buildBwrapCommand() with the runtime server’s restricted device policy.

• Tests

  • Updated bwrap unit coverage to assert full /proc and /dev are not mounted, while required minimal devices remain available.

[mrjf]

@copilot fix ci tests

[Copilot]

@copilot fix ci tests

Fixed in 0311cb0 by creating /dev inside the sandbox before binding the minimal device nodes. I reproduced the /dev/null permission failure locally and verified the fix with focused bwrap tests, typecheck, the full test suite, and validation.

[mrjf]

@copilot fix ci

[Copilot]

@copilot fix ci

Fixed in 3c272d7. I addressed the failing skill-test paths by retrying GitHub’s eventual-consistency issue visibility check and the transient Base branch was modified PR merge failure. Local bun run typecheck, bun run test, shell syntax validation, secret scanning, and CodeQL validation passed. The latest GitHub CI runs are currently action_required with no jobs, which appears to require maintainer approval before CI can execute.