Replace the always-force container removal (SIGKILL) with a two-phase
approach: first attempt graceful stop (SIGTERM with configurable timeout),
then remove without force. Falls back to force remove only if the graceful
path fails. The graceful stop timeout is configurable via
orchestrator.sandbox.gracefulStopTimeoutSeconds (default: 10s).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add validateImageTag() method to DockerSandboxService that validates
Docker image references against a safe character pattern before any
container creation. Rejects empty tags, tags exceeding 256 characters,
and tags containing shell metacharacters (;, &, |, $, backtick, etc.)
to prevent injection attacks. Also validates the default image tag at
service construction time to fail fast on misconfiguration.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Drop all Linux capabilities by default (CapDrop: ALL)
- Enable read-only root filesystem (agents write to mounted /workspace volume)
- Limit process count to 100 to prevent fork bombs (PidsLimit)
- Add no-new-privileges security option to prevent privilege escalation
- Add DockerSecurityOptions type with configurable security settings
- All options are configurable via config but secure by default
- Add comprehensive tests for security hardening options (20+ new tests)
Refs #338
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add DEFAULT_ENV_WHITELIST constant with safe env vars (AGENT_ID, TASK_ID,
NODE_ENV, LOG_LEVEL, TZ, MOSAIC_* vars, etc.)
- Implement filterEnvVars() to separate allowed/filtered vars
- Log security warning when non-whitelisted vars are filtered
- Support custom whitelist via orchestrator.sandbox.envWhitelist config
- Add comprehensive tests for whitelist functionality (39 tests passing)
Prevents accidental leakage of secrets like API keys, database credentials,
AWS secrets, etc. to Docker containers.
Refs #338
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Sandbox now enabled by default for security
- Logs prominent warning when explicitly disabled
- Agents run in containers unless SANDBOX_ENABLED=false
Refs #337
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implemented three new API endpoints for knowledge graph visualization:
1. GET /api/knowledge/graph - Full knowledge graph
- Returns all entries and links with optional filtering
- Supports filtering by tags, status, and node count limit
- Includes orphan detection (entries with no links)
2. GET /api/knowledge/graph/stats - Graph statistics
- Total entries and links counts
- Orphan entries detection
- Average links per entry
- Top 10 most connected entries
- Tag distribution across entries
3. GET /api/knowledge/graph/:slug - Entry-centered subgraph
- Returns graph centered on specific entry
- Supports depth parameter (1-5) for traversal distance
- Includes all connected nodes up to specified depth
New Files:
- apps/api/src/knowledge/graph.controller.ts
- apps/api/src/knowledge/graph.controller.spec.ts
Modified Files:
- apps/api/src/knowledge/dto/graph-query.dto.ts (added GraphFilterDto)
- apps/api/src/knowledge/entities/graph.entity.ts (extended with new types)
- apps/api/src/knowledge/services/graph.service.ts (added new methods)
- apps/api/src/knowledge/services/graph.service.spec.ts (added tests)
- apps/api/src/knowledge/knowledge.module.ts (registered controller)
- apps/api/src/knowledge/dto/index.ts (exported new DTOs)
- docs/scratchpads/71-graph-data-api.md (implementation notes)
Test Coverage: 21 tests (all passing)
- 14 service tests including orphan detection, filtering, statistics
- 7 controller tests for all three endpoints
Follows TDD principles with tests written before implementation.
All code quality gates passed (lint, typecheck, tests).
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
