mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

fix(#337): Enable Docker sandbox by default and warn when disabled

Browse Source 
- Sandbox now enabled by default for security
- Logs prominent warning when explicitly disabled
- Agents run in containers unless SANDBOX_ENABLED=false

Refs #337

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Jason Woltje
2026-02-05 15:43:00 -06:00
parent 65df2bbdd3
commit 949d0d0ead
4 changed files with 136 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apps/orchestrator/src/config/orchestrator.config.ts
View File

@@ -22,7 +22,7 @@ export const orchestratorConfig = registerAs("orchestrator", () => ({
enabled: process.env.KILLSWITCH_ENABLED === "true",
},
sandbox: {
enabled: process.env.SANDBOX_ENABLED === "true",
enabled: process.env.SANDBOX_ENABLED !== "false",
defaultImage: process.env.SANDBOX_DEFAULT_IMAGE ?? "node:20-alpine",
defaultMemoryMB: parseInt(process.env.SANDBOX_DEFAULT_MEMORY_MB ?? "512", 10),
defaultCpuLimit: parseFloat(process.env.SANDBOX_DEFAULT_CPU_LIMIT ?? "1.0"),