feat(sandbox): introduce bubblewrap support and enhance sandbox management #728

Open
ba0f3 wants to merge 1 commit into nextlevelbuilder:dev from ba0f3:featues/bubblewrap-sandbox

Contributor

@ba0f3 commented Apr 6, 2026

Summary

Sandbox

  • Adds a bubblewrap (bwrap) backend — isolated exec without Docker; config selects docker (default) or bwrap.
  • Optional CPU/memory/pids limits for bwrap via systemd-run when available; isolation still works without it.

Workspace security + exec

  • Before: the sandbox often mounted the full agent workspace at /workspace, so exec could read/write the entire tree; built-in tools could enforce paths in app code only.
  • After: SandboxHostMountRoot prefers ToolWorkspaceFromCtx (the real session directory). Docker and bwrap use the same host path — the sandbox only sees that session subtree, not sibling channels/groups/DMs.

Group chat paths

  • Group layout: …/agent/channel/group (e.g. Telegram group = chat id like -100…), dropping the redundant group_channel_… segment under the channel folder.
  • shouldShareWorkspace: ids group:… never widen to the shared base (avoids exposing the whole channel root and other chats).

Ops note

  • Path changes may require a one-time move of existing on-disk data if you already had the old layout.

Type

  • Feature
  • Bug fix
  • Hotfix (targeting main)
  • Refactor
  • Docs
  • CI/CD

Target Branch

Checklist

  • go build ./... passes
  • go build -tags sqliteonly ./... passes (if Go changes)
  • go vet ./... passes
  • Tests pass: go test -race ./...
  • Web UI builds: cd ui/web && pnpm build (if UI changes)
  • No hardcoded secrets or credentials
  • SQL queries use parameterized $1, $2 (no string concat)
  • New user-facing strings added to all 3 locales (en/vi/zh)
  • Migration version bumped in internal/upgrade/version.go (if new migration)

Test Plan

…ement

- Added support for bubblewrap as an alternative to Docker for sandbox execution.
- Implemented a SandboxRouter to dynamically select between Docker and bubblewrap based on configuration.
- Enhanced the ConfigMethods to expose runtime flags for the sandbox UI.
- Updated various tools to utilize the new sandbox management features, ensuring proper path resolution and execution within the selected sandbox environment.
- Added tests for sandbox path handling and configuration to ensure robustness.

This update improves the flexibility and security of executing commands in isolated environments.
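
Added example (not code from this PR): a sketch of the session-scoped mount described under "Workspace security + exec", where only the session subtree is bound at /workspace. `sessionMountRoot` and `bwrapArgs` are hypothetical names, the paths are constructed, and refusing to fall back to the workspace base is an assumption that is stricter than the "prefers" wording above.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// sessionMountRoot (hypothetical helper) returns the only host directory the
// sandbox may see. It is a lexical check: symlinks are not resolved here.
func sessionMountRoot(base, session string) (string, error) {
	if session == "" {
		return "", errors.New("no session directory: refusing to mount the whole workspace")
	}
	base, session = filepath.Clean(base), filepath.Clean(session)
	rel, err := filepath.Rel(base, session)
	up := ".." + string(filepath.Separator)
	if err != nil || rel == "." || rel == ".." || strings.HasPrefix(rel, up) {
		return "", fmt.Errorf("%q is not a subdirectory of %q", session, base)
	}
	return session, nil
}

// bwrapArgs builds an argv that exposes mountRoot read-write at /workspace and
// nothing else from the workspace tree. The /usr layout is an assumption.
func bwrapArgs(mountRoot string, cmd ...string) []string {
	args := []string{"bwrap",
		"--unshare-all", "--die-with-parent", "--new-session",
		"--ro-bind", "/usr", "/usr",
		"--symlink", "usr/bin", "/bin",
		"--symlink", "usr/lib", "/lib",
		"--proc", "/proc", "--dev", "/dev", "--tmpfs", "/tmp",
		"--bind", mountRoot, "/workspace",
		"--chdir", "/workspace", "--"}
	return append(args, cmd...)
}

func main() {
	// Constructed paths: a group chat session under an agent workspace.
	root, err := sessionMountRoot("/data/ws/agent", "/data/ws/agent/telegram/-1001234")
	if err != nil {
		panic(err)
	}
	fmt.Println(strings.Join(bwrapArgs(root, "ls", "-la"), " "))
}
```

Because the containment check is lexical, a caller that cannot trust the directory contents would also resolve symlinks on the host path before binding it.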