agent-Specialization/static
JOJO 6ee8cda2a7 feat(security): harden host execution model with sandbox/direct controls
This commit introduces a substantial security and runtime architecture update for host mode, with three major goals: (1) enforce OS-level sandboxing by default, (2) support a controlled temporary direct-execution escape hatch for admin users, and (3) eliminate silent fallback behavior that could hide risk.

Backend/runtime changes:\n- Added a unified host sandbox runner (macOS sandbox-exec / Linux bubblewrap+seccomp / Windows WSL2).\n- Converted host terminal creation to sandboxed interactive shells by default.\n- Kept run_command/run_python on the same execution policy and added host execution mode plumbing (sandbox|direct).\n- Added session-scoped direct mode with TTL auto-revert (default 10 minutes), configurable via environment.\n- Added execution mode APIs (GET/POST /api/execution-mode), host+admin gating, status propagation, and rate limiting.\n- Added runtime refresh hooks so tool calls honor TTL expiration and mode transitions consistently.\n- Removed docker->host silent fallback paths: docker startup/runtime failures now fail fast instead of degrading silently.\n- Added host sandbox prompt injection (host-only) to guide agent behavior under permission constraints.

Configuration and policy changes:\n- Added HOST_EXECUTION_MODE_DEFAULT and HOST_EXECUTION_DIRECT_TTL_SECONDS.\n- Added HOST_SANDBOX_MACOS_WRITABLE_PATHS to support user-defined writable path allowlists.\n- Updated macOS sandbox profile generation to use minimal defaults (workspace + tmp + /dev/null) plus explicit allowlist extensions.\n- Updated .env.example documentation for new execution/sandbox controls.

Frontend changes:\n- Extended permission popover to a two-column model (Permission + Execution Environment) for host admin sessions.\n- Added execution mode state/options to app state, fetching, and status synchronization flows.\n- Added execution mode switching action and user feedback toasts.\n- Kept warning emphasis via text styling only (removed warning border per UX request).

Validation:\n- Python syntax checks passed for modified backend modules.\n- Existing smoke tests passed: python3 -m unittest test.test_server_refactor_smoke\n- Frontend production build passed: npm run build
2026-05-10 19:19:01 +08:00
..
admin_api feat: add api admin ui and container status fix 2026-01-25 10:49:52 +08:00
admin_dashboard fix: repair admin monitor auth and add invite CRUD 2026-04-07 18:23:09 +08:00
admin_policy feat: polish admin policy UI and tool selection 2026-01-05 13:34:00 +08:00
custom_tools feat: add custom tools guide and id validation 2026-01-05 21:46:55 +08:00
demo feat: add loaders 15-17 to minimal loader pool 2026-04-05 15:14:06 +08:00
easter-eggs feat: modularize easter egg effects 2025-11-22 13:07:54 +08:00
file_manager chore: snapshot before usage menu update 2025-11-24 00:47:17 +08:00
icons feat: add MCP management and host-only runtime policy 2026-04-26 23:49:04 +08:00
liquid-glass-demo feat: stable version before virtual monitor timing fix 2025-12-13 17:12:12 +08:00
logo feat: 整合test/agents功能并更新配置 2026-04-13 17:47:19 +08:00
old_version_backup feat: modularize frontend layout 2025-11-25 22:41:15 +08:00
src feat(security): harden host execution model with sandbox/direct controls 2026-05-10 19:19:01 +08:00
vendor chore: initial import 2025-11-14 16:44:12 +08:00
debug-theme.html chore: snapshot current changes 2026-03-10 23:48:40 +08:00
index.html fix: 修复代码块复制、事件去重、任务结束、停止按钮bug 2026-04-04 01:03:06 +08:00
liquid-glass-demo.html feat: stable version before virtual monitor timing fix 2025-12-13 17:12:12 +08:00
liquid-glass-kube.html feat: stable version before virtual monitor timing fix 2025-12-13 17:12:12 +08:00
login.html fix: migrate auth pages to vue and bump android app to 1.0.17 2026-04-07 12:38:45 +08:00
mobile-overlay-demo.html feat: improve mobile overlays and focus panel 2025-11-26 23:50:57 +08:00
mobile-overlay-fab.html feat: improve mobile overlays and focus panel 2025-11-26 23:50:57 +08:00
register.html fix: migrate auth pages to vue and bump android app to 1.0.17 2026-04-07 12:38:45 +08:00
resource_busy.html feat: containerize terminals and add resource controls 2025-11-23 18:49:35 +08:00
security.js chore: snapshot before usage menu update 2025-11-24 00:47:17 +08:00
style.css chore: drop legacy css fallback 2025-11-25 21:15:32 +08:00
terminal.html fix: stabilize conversation loading 2025-11-29 23:13:11 +08:00