fix(#337): Enable Docker sandbox by default and warn when disabled

- Sandbox now enabled by default for security - Logs prominent warning when explicitly disabled - Agents run in containers unless SANDBOX_ENABLED=false Refs #337 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 15:43:00 -06:00
parent 65df2bbdd3
commit 949d0d0ead
4 changed files with 136 additions and 2 deletions
--- a/apps/orchestrator/src/spawner/docker-sandbox.service.spec.ts
+++ b/apps/orchestrator/src/spawner/docker-sandbox.service.spec.ts
@@ -1,5 +1,6 @@
 import { ConfigService } from "@nestjs/config";
-import { describe, it, expect, beforeEach, vi } from "vitest";
+import { Logger } from "@nestjs/common";
+import { describe, it, expect, beforeEach, vi, afterEach } from "vitest";
 import { DockerSandboxService } from "./docker-sandbox.service";
 import Docker from "dockerode";

@@ -331,4 +332,45 @@ describe("DockerSandboxService", () => {
      expect(disabledService.isEnabled()).toBe(false);
    });
  });
+
+  describe("security warning", () => {
+    let warnSpy: ReturnType<typeof vi.spyOn>;
+
+    beforeEach(() => {
+      warnSpy = vi.spyOn(Logger.prototype, "warn").mockImplementation(() => undefined);
+    });
+
+    afterEach(() => {
+      warnSpy.mockRestore();
+    });
+
+    it("should log security warning when sandbox is disabled", () => {
+      const disabledConfigService = {
+        get: vi.fn((key: string, defaultValue?: unknown) => {
+          const config: Record<string, unknown> = {
+            "orchestrator.docker.socketPath": "/var/run/docker.sock",
+            "orchestrator.sandbox.enabled": false,
+            "orchestrator.sandbox.defaultImage": "node:20-alpine",
+            "orchestrator.sandbox.defaultMemoryMB": 512,
+            "orchestrator.sandbox.defaultCpuLimit": 1.0,
+            "orchestrator.sandbox.networkMode": "bridge",
+          };
+          return config[key] !== undefined ? config[key] : defaultValue;
+        }),
+      } as unknown as ConfigService;
+
+      new DockerSandboxService(disabledConfigService, mockDocker);
+
+      expect(warnSpy).toHaveBeenCalledWith(
+        "SECURITY WARNING: Docker sandbox is DISABLED. Agents will run directly on the host without container isolation."
+      );
+    });
+
+    it("should not log security warning when sandbox is enabled", () => {
+      // Use the default mockConfigService which has sandbox enabled
+      new DockerSandboxService(mockConfigService, mockDocker);
+
+      expect(warnSpy).not.toHaveBeenCalledWith(expect.stringContaining("SECURITY WARNING"));
+    });
+  });
 });
--- a/apps/orchestrator/src/spawner/docker-sandbox.service.ts
+++ b/apps/orchestrator/src/spawner/docker-sandbox.service.ts
@@ -53,6 +53,12 @@ export class DockerSandboxService {
    this.logger.log(
      `DockerSandboxService initialized (enabled: ${this.sandboxEnabled.toString()}, socket: ${socketPath})`
    );
+
+    if (!this.sandboxEnabled) {
+      this.logger.warn(
+        "SECURITY WARNING: Docker sandbox is DISABLED. Agents will run directly on the host without container isolation."
+      );
+    }
  }

  /**