Jason Woltje e747c8db04 fix(#338): Whitelist allowed environment variables in Docker containers
- Add DEFAULT_ENV_WHITELIST constant with safe env vars (AGENT_ID, TASK_ID,
  NODE_ENV, LOG_LEVEL, TZ, MOSAIC_* vars, etc.)
- Implement filterEnvVars() to separate allowed/filtered vars
- Log security warning when non-whitelisted vars are filtered
- Support custom whitelist via orchestrator.sandbox.envWhitelist config
- Add comprehensive tests for whitelist functionality (39 tests passing)

Prevents accidental leakage of secrets like API keys, database credentials,
AWS secrets, etc. to Docker containers.

Refs #338

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 18:17:00 -06:00
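
The whitelist filtering described in the commit message above, sketched as an added example; it is not the project's code. Only the names `DEFAULT_ENV_WHITELIST` and `filterEnvVars` and the listed variable names come from the commit message; the trailing-`*` prefix syntax, the `warn` parameter, the helper functions and all sample values are assumptions.

```javascript
// Added illustration, not the project's implementation.
// Entries are the ones named in the commit message; treating a trailing "*"
// as a prefix wildcard is an assumption of this sketch.
const DEFAULT_ENV_WHITELIST = ["AGENT_ID", "TASK_ID", "NODE_ENV", "LOG_LEVEL", "TZ", "MOSAIC_*"];

function isAllowed(name, whitelist) {
  return whitelist.some((entry) => {
    if (entry.endsWith("*")) {
      // A bare "*" would switch the filter off, so it is ignored.
      return entry.length > 1 && name.startsWith(entry.slice(0, -1));
    }
    return name === entry; // exact, case-sensitive match
  });
}

// Split requested variables into those passed to the container and those dropped.
function filterEnvVars(env, whitelist = DEFAULT_ENV_WHITELIST, warn = console.warn) {
  const allowed = {};
  const filtered = [];
  for (const [name, value] of Object.entries(env)) {
    if (isAllowed(name, whitelist)) allowed[name] = value;
    else filtered.push(name);
  }
  filtered.sort();
  if (filtered.length > 0) {
    // Log names only: the values are the secrets being kept out of the container.
    warn(`Filtered non-whitelisted env vars: ${filtered.join(", ")}`);
  }
  return { allowed, filtered };
}

// The Docker Engine API takes container environment as "KEY=value" strings.
function toDockerEnv(allowed) {
  return Object.entries(allowed).map(([k, v]) => `${k}=${v}`);
}

// Constructed sample input (no real credentials).
const requested = {
  AGENT_ID: "agent-1",
  TASK_ID: "task-42",
  MOSAIC_API_URL: "http://orchestrator.example:3000",
  AWS_SECRET_ACCESS_KEY: "constructed-not-a-real-key",
  DATABASE_URL: "postgres://user:constructed@db.example/app",
  MOSAIC: "no-underscore", // does not match the "MOSAIC_" prefix
};
const result = filterEnvVars(requested);
console.log(toDockerEnv(result.allowed));
```

A custom list, such as one read from `orchestrator.sandbox.envWhitelist`, would be passed as the second argument.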