mirror of
https://github.com/Significant-Gravitas/AutoGPT.git
synced 2026-02-13 16:25:05 -05:00
- Replace `--ro-bind / /` with whitelist-only filesystem: only /usr, /etc, /bin, /lib, /sbin mounted read-only. /app, /root, /home, /opt, /var are completely invisible inside the sandbox.
- Add `--clearenv` to wipe all inherited env vars (API keys, DB passwords). Only safe vars (PATH, HOME=workspace, LANG) are explicitly set.
- Remove python_exec tool — bash_exec can run `python3 -c` or heredocs with identical bubblewrap protection, reducing attack surface.
- Remove all fallback security code (import hooks, blocked modules, network command lists). Tools now hard-require bubblewrap — disabled on platforms without bwrap.
- Clean up security_hooks.py: remove ~200 lines of dead bash validation code, add Bash to BLOCKED_TOOLS as defence-in-depth.
- Wire up long-running tool callback in SDK service for create_agent/edit_agent delegation to Redis Streams background infrastructure.
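To show what the whitelist-only mount set and `--clearenv` look like as a concrete bwrap command, and how to check an argv against that policy, here is an added example (not AutoGPT's own code). The extra flags (`--unshare-all`, `--die-with-parent`, `--proc`, `--dev`, `--tmpfs`), the `/workspace` mount point, the PATH/LANG values and the lint function are assumptions for illustration.

```python
"""Build a whitelist-style bubblewrap argv and lint an argv against that policy (illustrative, not AutoGPT's code)."""

# Host paths mounted read-only inside the sandbox; everything else is invisible.
READ_ONLY_ROOTS = ("/usr", "/etc", "/bin", "/lib", "/sbin")
# Host paths that must never be bound (source, secrets, state).
FORBIDDEN_ROOTS = ("/app", "/root", "/home", "/opt", "/var")
# Only these variables are set after --clearenv (values are assumed).
WORKSPACE_MOUNT = "/workspace"
SAFE_ENV = {"PATH": "/usr/bin:/bin", "HOME": WORKSPACE_MOUNT, "LANG": "C.UTF-8"}


def build_bwrap_argv(host_workspace: str, command: list[str]) -> list[str]:
    """Return the argv for running `command` inside a whitelist-only bwrap sandbox."""
    argv = ["bwrap", "--unshare-all", "--die-with-parent", "--clearenv"]
    for root in READ_ONLY_ROOTS:
        argv += ["--ro-bind", root, root]          # read-only system dirs only
    argv += ["--bind", host_workspace, WORKSPACE_MOUNT]  # the one writable mount
    argv += ["--proc", "/proc", "--dev", "/dev", "--tmpfs", "/tmp"]
    for name, value in SAFE_ENV.items():
        argv += ["--setenv", name, value]         # explicit safe vars after --clearenv
    argv += ["--chdir", WORKSPACE_MOUNT, "--", *command]
    return argv


def lint_bwrap_argv(argv: list[str]) -> list[str]:
    """Return policy findings for a bwrap argv; an empty list means it passes."""
    findings = []
    if "--clearenv" not in argv:
        findings.append("missing --clearenv: inherited host env (API keys, DB passwords) leaks in")
    i = 1
    while i < len(argv) and argv[i] != "--":      # stop at the sandboxed command
        tok = argv[i]
        if tok in ("--bind", "--ro-bind", "--dev-bind"):
            src, dest = argv[i + 1], argv[i + 2]
            if src == "/":
                findings.append(f"{tok} / {dest}: whole host root exposed")
            # The workspace bind is the one allowed exception, wherever it lives on the host.
            elif dest != WORKSPACE_MOUNT and any(
                src == r or src.startswith(r + "/") for r in FORBIDDEN_ROOTS
            ):
                findings.append(f"{tok} {src}: forbidden host path exposed")
            i += 3
        elif tok == "--setenv":
            if argv[i + 1] not in SAFE_ENV:
                findings.append(f"--setenv {argv[i + 1]}: not in the safe-variable list")
            i += 3
        else:
            i += 1                                # single-argument or bare flags
    return findings
```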