fix(#411): complete 2026-02-17 remediation sweep

Apply RLS context at task service boundaries, harden orchestrator/web integration and session startup behavior, re-enable targeted frontend tests, and lock vulnerable transitive dependencies so QA and security gates pass cleanly.
2026-02-17 14:19:15 -06:00
parent 254f85369b
commit cab8d690ab
22 changed files with 605 additions and 744 deletions
--- a/apps/orchestrator/src/config/orchestrator.config.ts
+++ b/apps/orchestrator/src/config/orchestrator.config.ts
@@ -29,7 +29,7 @@ export const orchestratorConfig = registerAs("orchestrator", () => ({
    defaultImage: process.env.SANDBOX_DEFAULT_IMAGE ?? "node:20-alpine",
    defaultMemoryMB: parseInt(process.env.SANDBOX_DEFAULT_MEMORY_MB ?? "512", 10),
    defaultCpuLimit: parseFloat(process.env.SANDBOX_DEFAULT_CPU_LIMIT ?? "1.0"),
-    networkMode: process.env.SANDBOX_NETWORK_MODE ?? "bridge",
+    networkMode: process.env.SANDBOX_NETWORK_MODE ?? "none",
  },
  coordinator: {
    url: process.env.COORDINATOR_URL ?? "http://localhost:8000",